Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicious FlashPlayer Popups


  • Please log in to reply
16 replies to this topic

#1 SeekingHelp2014

SeekingHelp2014

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 27 February 2016 - 04:34 PM

Hello,

 

I have been noticing as of late FlashPlayer.exe updates from unusual sites whenever I am on a news webpage. The first one was from waequse.managlobal.org and the one today was from wshchnuffnang.com. Very suspicious. I would greatly appreciate any assistance in getting to the bottom of this problem. Thank you very much.

 

 

**My computer runs Windows 7 Home Premium. Service Pack 1. Dell. Inspiron 3847. Intel® Core™ i5-4440 CPU @ 3.10GHz 8.00 GB 64 Bit Operating System

 

**Edited to reflect that my McAfee antivirus found nothing, nor did MalwareBytes and SuperAntiSpyware.


Edited by SeekingHelp2014, 27 February 2016 - 04:36 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:21 PM

Posted 27 February 2016 - 08:44 PM

See what the scans below will find. Cleanup the comp using CCleaner.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 SeekingHelp2014

SeekingHelp2014
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 28 February 2016 - 01:03 AM

Thanks, buddy215. Here are the results:

 

# AdwCleaner v5.036 - Logfile created 27/02/2016 at 19:56:11
# Updated 22/02/2016 by Xplode
# Database : 2016-02-27.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ryan - RYAN-PC
# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\Users\Ryan\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Ryan\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Ryan\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lfs9ndfw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Files ] *****

[-] File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lfs9ndfw.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3100 bytes] - [27/02/2016 19:56:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [2998 bytes] - [27/02/2016 19:53:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3246 bytes] ##########

 

-----

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64
Ran by Ryan (Administrator) on Sat 02/27/2016 at 20:04:47.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18

Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WRSB6UB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD2X50DW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3L0H2PC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWXV7TLP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WRSB6UB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD2X50DW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3L0H2PC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWXV7TLP (Temporary Internet Files Folder)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7D330BAA-6C47-41D8-991A-7EE391AB9B9E} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/27/2016 at 20:06:54.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

No infections were found from the ESET Online Scan.



#4 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:21 PM

Posted 28 February 2016 - 07:06 AM

Post the FOUR lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for Firefox browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups, Firefox and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 SeekingHelp2014

SeekingHelp2014
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 28 February 2016 - 12:07 PM

After clicking Tools and Startups, I only see Windows, Scheduled Tasks, and Context Menu. I don't see one for Firefox. Also, there was no Copy and Paste on the bottom right but there was "Save to text file".  Below is that text file for Windows:

 

Yes    HKCU:Run    Amazon Music    Amazon Services LLC    "C:\Users\Ryan\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes    HKCU:Run    SUPERAntiSpyware    SUPERAntiSpyware    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    Dell Registration    Dell, Inc.    C:\Program Files (x86)\System Registration\prodreg.exe /boot
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    "C:\Windows\system32\hkcmd.exe"
Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    IAStorIcon    Intel Corporation    "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
Yes    HKLM:Run    IgfxTray    Intel Corporation    "C:\Windows\system32\igfxtray.exe"
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    Persistence    Intel Corporation    "C:\Windows\system32\igfxpers.exe"
Yes    HKLM:Run    RtHDVBg    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
Yes    HKLM:Run    RtHDVBg_PushButton    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes    HKLM:Run    USB3MON    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes    Startup User    Monitor Ink Alerts - HP Deskjet 2540 series.lnk    Microsoft Corporation    C:\Windows\system32\RunDll32.exe
 

Below is the text file for Scheduled Tasks:

 

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    Dell SupportAssistAgent AutoUpdate    Dell Inc.    C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe AutoUpdate
Yes    Task    HPCustParticipation HP Deskjet 2540 series    Hewlett-Packard Co.    "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" /UA 12.5 /DDV 0x0b00
Yes    Task    Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse    McAfee, Inc.    C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe /script=mcnrdhck.lua /periodicRunCount=7
Yes    Task    Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse    McAfee, Inc.    C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe /timeout=60000 /script=mcnrdhck.lua /hcmode=postdatupdate /datver=2539.0 /datupdatestatus=0
Yes    Task    McAfee Remediation (Prepare)    McAfee, Inc.    C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe /prepare
Yes    Task    McAfeeLogon    McAfee, Inc.    C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe /platui
Yes    Task    PCDDataUploadTask        "uaclauncher.exe" -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
Yes    Task    SystemToolsDailyTest        "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently

 

Below is the text file for Context Menu:

 

Yes    Directory    Add to Winamp's Bookmark list    Nullsoft, Inc.    "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1"
Yes    Directory    Enqueue in Winamp    Nullsoft, Inc.    "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1"
Yes    Directory    Play in Winamp    Nullsoft, Inc.    "C:\Program Files (x86)\Winamp\winamp.exe" "%1"
Yes    File    Atheros    Qualcomm®Atheros®    C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll
Yes    File    FTShellContext    Qualcomm®Atheros®    C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll
Yes    File    McCtxMenuFrmWrk    McAfee, Inc.    c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll
Yes    Folder    McCtxMenuFrmWrk    McAfee, Inc.    c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll
 

Below is the list for Uninstall:

 

Accidental Damage Services Agreement    Dell Inc.    4/22/2014        2.0.0
Adobe Flash Player 20 ActiveX    Adobe Systems Incorporated    2/10/2016    7.84 MB    20.0.0.306
Adobe Flash Player 20 NPAPI    Adobe Systems Incorporated    2/10/2016    8.40 MB    20.0.0.306
Adobe Reader XI (11.0.14)  MUI    Adobe Systems Incorporated    1/12/2016    642 MB    11.0.14
Amazon MP3 Downloader 1.0.17    Amazon Services LLC    2/28/2015        1.0.17
Amazon Music    Amazon Services LLC    1/17/2016        4.0.0.1205
Apple Application Support (32-bit)    Apple Inc.    12/12/2015    114 MB    4.1.1
Apple Application Support (64-bit)    Apple Inc.    12/12/2015    128 MB    4.1.1
Apple Mobile Device Support    Apple Inc.    12/12/2015    28.0 MB    9.1.0.6
Apple Software Update    Apple Inc.    12/12/2015    2.39 MB    2.1.4.131
Banctec Service Agreement    Dell Inc.    4/22/2014        2.0.0
Bonjour    Apple Inc.    12/12/2015    2.01 MB    3.1.0.1
CCleaner    Piriform    2/27/2016        5.15
Cisco EAP-FAST Module    Cisco Systems, Inc.    4/22/2014    1.55 MB    2.2.14
Cisco LEAP Module    Cisco Systems, Inc.    4/22/2014    644 KB    1.0.19
Cisco PEAP Module    Cisco Systems, Inc.    4/22/2014    1.23 MB    1.1.6
Complete Care Business Service Agreement    Dell Inc.    4/22/2014        2.0.0
Consumer In-Home Service Agreement    Dell Inc.    4/22/2014        2.0.0
Dell Backup and Recovery    Dell Inc.    4/22/2014        1.6.2.0
Dell Backup and Recovery - Support Software    Dell Inc.    4/22/2014        1.6.2.0
Dell Data Vault        4/22/2014        
Dell Digital Delivery    Dell Products, LP    4/22/2014        2.8.5000.0
Dell Home Systems Service Agreement    Dell Inc.    4/22/2014        2.0.0
Dell Product Registration    Dell Inc.    4/22/2014        1.1.3
Dell SupportAssist    Dell    1/28/2016    197 MB    1.2.6745.47
Dell SupportAssistAgent    Dell    11/26/2015    47.9 MB    1.1.1.14
Dell Update    Dell Inc.    8/29/2015    2.91 MB    1.7.1015.0
Dell WLAN and Bluetooth Client Installation    Dell Inc.    12/19/2015        10.0
ESET Online Scanner v3        2/27/2016        
HP Deskjet 2540 series Basic Device Software    Hewlett-Packard Co.    12/26/2015    154 MB    32.2.188.47710
HP Deskjet 2540 series Help    Hewlett Packard    6/29/2014    6.69 MB    30.0.0
HP FWUpdateEDO2    Hewlett-Packard    7/6/2014    1.53 MB    1.2.0.0
HP Photo Creations    HP    6/29/2014    14.6 MB    1.0.0.7702
HP Support Solutions Framework    Hewlett-Packard Company    12/26/2015    6.25 MB    12.0.30.219
HP Update    Hewlett-Packard    6/29/2014    4.04 MB    5.005.002.002
Intel® Management Engine Components    Intel Corporation    4/22/2014        9.5.23.1766
Intel® Processor Graphics    Intel Corporation    4/22/2014        10.18.10.3412
Intel® Rapid Storage Technology    Intel Corporation    4/22/2014        12.7.3.1001
Intel® USB 3.0 eXtensible Host Controller Driver    Intel Corporation    4/22/2014        2.5.0.19
iTunes    Apple Inc.    12/12/2015    215 MB    12.3.2.35
Malwarebytes Anti-Malware version 2.2.0.1024    Malwarebytes    10/25/2015    66.0 MB    2.2.0.1024
McAfee LiveSafe – Internet Security    McAfee, Inc.    2/27/2016        14.0.7080
Microsoft .NET Framework 4.5.2    Microsoft Corporation    12/20/2015    38.8 MB    4.5.51209
Microsoft Office Professional Plus 2013 - en-us    Microsoft Corporation    2/23/2016        15.0.4797.1003
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    4/22/2014    300 KB    8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    4/22/2014    572 KB    8.0.61000
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    4/22/2014    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    4/22/2014    11.1 MB    10.0.40219
Mozilla Firefox 44.0.2 (x86 en-US)    Mozilla    2/14/2016    87.8 MB    44.0.2
Mozilla Maintenance Service    Mozilla    2/14/2016    341 KB    44.0.2.5884
Premium Service Agreement    Dell Inc.    4/22/2014        2.0.0
Product Improvement Study for HP Deskjet 2540 series    Hewlett-Packard Co.    12/26/2015    9.67 MB    32.2.188.47710
QualxServ Service Agreement    Dell Inc.    4/22/2014        2.0.0
Realtek Card Reader    Realtek Semiconductor Corp.    4/22/2014        6.2.9200.30164
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    4/22/2014        6.0.1.7004
Shared C Run-time for x64    McAfee    4/22/2014    1.38 MB    10.0.0
Speccy    Piriform    12/27/2014        1.27
SpywareBlaster 5.4    BrightFort LLC    12/26/2015    9.16 MB    5.4.0
SUPERAntiSpyware    SUPERAntiSpyware.com    4/25/2014    38.9 MB    5.7.1018
Winamp    Nullsoft, Inc    4/25/2014        5.666
Yahoo! Messenger    Yahoo! Inc.    6/7/2014        
Yahoo! Software Update        6/7/2014        
 



#6 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:21 PM

Posted 28 February 2016 - 12:55 PM

That's weird. CCleaner usually shows a tab at the top for each browser after clicking on Startups. Check again, please.

 

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    Amazon Music    Amazon Services LLC    "C:\Users\Ryan\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes    HKCU:Run    SUPERAntiSpyware    SUPERAntiSpyware    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (DISABLE ONLY IF THIS IS THE FREE VERSION)
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    Dell Registration    Dell, Inc.    C:\Program Files (x86)\System Registration\prodreg.exe /boot

Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

Yes    HKLM:Run    IgfxTray    Intel Corporation    "C:\Windows\system32\igfxtray.exe"
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"

Yes    Startup User    Monitor Ink Alerts - HP Deskjet 2540 series.lnk    Microsoft Corporation    C:\Windows\system32\RunDll32.exe
 

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    Dell SupportAssistAgent AutoUpdate    Dell Inc.    C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe AutoUpdate
Yes    Task    HPCustParticipation HP Deskjet 2540 series    Hewlett-Packard Co.    "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" /UA 12.5 /DDV 0x0b00

Yes    Task    PCDDataUploadTask        "uaclauncher.exe" -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
Yes    Task    SystemToolsDailyTest        "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently

 

Uninstall these programs:

ESET Online Scanner v3        2/27/2016   

Product Improvement Study for HP Deskjet 2540 series    Hewlett-Packard Co.    12/26/2015    9.67 MB    32.2.188.47710

Yahoo! Messenger    Yahoo! Inc.    6/7/2014        
Yahoo! Software Update        6/7/2014        
 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:21 PM

Posted 28 February 2016 - 01:12 PM

Here's an image of CCleaner's Startup page. I do see it says the Professional CCleaner but my free version on my Windows 7 shows the same Tabs. 

That shows Tabs for Internet Explorer, Firefox and Google Chrome browsers.

 

ccleaner5.png


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 SeekingHelp2014

SeekingHelp2014
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 28 February 2016 - 01:20 PM

Maybe it's because the version number is different. Mine shows v5.15.5513 (64 Bit). Sorry, the forum doesn't allow me to use the Snipping Tool to paste.



#9 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:21 PM

Posted 28 February 2016 - 01:53 PM

After completing all the steps above...disabling and uninstalling...and rebooting the computer, is the original problem

mentioned still occurring? If so, you will need to do a clean reinstall of Firefox. You can save your Bookmarks before doing

that. A clean reinstall is best done by running the uninstaller for Firefox and then doing a search on the computer using the 

terms Mozilla and then Firefox. Delete all but the saved Bookmarks. Best to save to the Desktop and you can save to an email, too.

 

To backup/ save Bookmarks click on History > Show All History > Import and Backup > Export Bookmarks to HTML


Edited by buddy215, 28 February 2016 - 01:53 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 SeekingHelp2014

SeekingHelp2014
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 28 February 2016 - 03:39 PM

I followed your steps above. Thank you. I'll monitor it to see if the original problem comes back, and if so, will do the clean install for Firefox. Should I uninstall the CCleaner now?



#11 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:21 PM

Posted 28 February 2016 - 04:24 PM

Keep CCleaner and use it often. Plus...if you think you might want to reenable one of the items you disabled it is easy to do

using CCleaner.

 

You're welcome....hopefully you won't have to reinstall Firefox.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 SeekingHelp2014

SeekingHelp2014
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 28 February 2016 - 04:56 PM

Thank you.

 

Sometimes I've been noticing today that my McAfee AV turns off and I'm alerted about it. This morning it was off and every time I tried to enable it, it wouldn't stay on. I thought that might be because of the CCleaner or other software I downloaded.

 

**Edited to reflect that my McAfee Real Time Scanning is off currently and won't stay on. Do you know why this might be occurring? Could it be some software conflict?


Edited by SeekingHelp2014, 28 February 2016 - 05:47 PM.


#13 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:21 PM

Posted 28 February 2016 - 05:53 PM

Intel's McAfee isn't listed in Windows Startups. You would of stopped it from running before scanning with JRT.

Check to be sure you reenabled it.

 

Check to see if one of the below Scheduled Tasks was accidently turned off. They are all Intel's McAfee Tasks.

Yes    Task    Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse    McAfee, Inc.    C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe /script=mcnrdhck.lua /periodicRunCount=7
Yes    Task    Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse    McAfee, Inc.    C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe /timeout=60000 /script=mcnrdhck.lua /hcmode=postdatupdate /datver=2539.0 /datupdatestatus=0
Yes    Task    McAfee Remediation (Prepare)    McAfee, Inc.    C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe /prepare
Yes    Task    McAfeeLogon    McAfee, Inc.    C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe /platui


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 SeekingHelp2014

SeekingHelp2014
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 01 March 2016 - 12:21 AM

Intel's McAfee isn't listed in Windows Startups. You would of stopped it from running before scanning with JRT.

Check to be sure you reenabled it.

 

Check to see if one of the below Scheduled Tasks was accidently turned off. They are all Intel's McAfee Tasks.

Yes    Task    Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse    McAfee, Inc.    C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe /script=mcnrdhck.lua /periodicRunCount=7
Yes    Task    Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse    McAfee, Inc.    C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe /timeout=60000 /script=mcnrdhck.lua /hcmode=postdatupdate /datver=2539.0 /datupdatestatus=0
Yes    Task    McAfee Remediation (Prepare)    McAfee, Inc.    C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe /prepare
Yes    Task    McAfeeLogon    McAfee, Inc.    C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe /platui

 

I don't see the one in red in my Scheduled Tasks. The other three I do but not this one.



#15 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:21 PM

Posted 01 March 2016 - 07:43 AM

Are you still having a problem with McAfee not staying on?

It should be listed in the Windows Startups. If not, then you may need to reinstall it or see if the option to

repair is mentioned when choosing to uninstall. I've looked through what was removed by the scanners and

I don't see anything that should have affected McAfee's staying on.

 

If reinstalling is necessary then read the info in this link concerning license and the McAfee's uninstall tool.

McAfee Consumer Product Removal tool - Knowledge Base


Edited by buddy215, 01 March 2016 - 09:46 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users