
Searchscopes PUP after reinstall


11 replies to this topic

#1 Zone out

Zone out

  • Members
  • 94 posts

Posted 19 May 2016 - 05:06 AM

I just did a clean reinstall of Windows 7 and then upgraded to Windows 10.  Because of the problems that Windows 7 can have getting updates, it meant that my computer was connected to the internet for about 6 hours unprotected before I had antivirus and all updates. I was behind a router.  I'm concerned that during this time my computer may have been infected with something.

 

When I ran a scan with Malwarebytes it found this.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/19/2016
Scan Time: 3:37 PM
Logfile: mbam1.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.19.01
Rootkit Database: v2016.05.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: a

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326006
Time Elapsed: 22 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, , [7845b4235d3c9c9ab5c19c0faa58728e],
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, , [febf33a45e3bc571f086decd46bc44bc],
PUP.Optional.ASK, HKU\S-1-5-21-3366655140-1282865903-1258802438-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, , [a21b4493f3a66bcb4035b8f310f252ae],

Registry Values: 3
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF, , [7845b4235d3c9c9ab5c19c0faa58728e]
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF, , [febf33a45e3bc571f086decd46bc44bc]
PUP.Optional.ASK, HKU\S-1-5-21-3366655140-1282865903-1258802438-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF, , [a21b4493f3a66bcb4035b8f310f252ae]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

I don't know where Ask came from, as I had only installed three programs since the reinstall: CCleaner, Sandboxie and Malwarebytes, and I did not allow any of them to install a toolbar.  I had Malwarebytes remove the entries and they do not seem to have come back.

 

I was hoping someone could check out my system just to make sure nothing had snuck on while my computer was unprotected for all those hours.

 

Thanks.
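
The six registry detections in the log above, grouped by search-provider GUID and registry view, as an added example that is not part of the original post and not Malwarebytes' own tooling. The function names and the view labels are assumptions of this example; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# The six detection lines from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, , [7845b4235d3c9c9ab5c19c0faa58728e],
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, , [febf33a45e3bc571f086decd46bc44bc],
PUP.Optional.ASK, HKU\S-1-5-21-3366655140-1282865903-1258802438-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, , [a21b4493f3a66bcb4035b8f310f252ae],
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF, , [7845b4235d3c9c9ab5c19c0faa58728e]
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF, , [febf33a45e3bc571f086decd46bc44bc]
PUP.Optional.ASK, HKU\S-1-5-21-3366655140-1282865903-1258802438-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF, , [a21b4493f3a66bcb4035b8f310f252ae]
"""

# "<detection>, <hive>\<key>[|<value name>, <data>], , [<item id>]"
LINE_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<hive>HK[A-Z]+)\\(?P<path>[^|,]+)"
    r"(?:\|(?P<value>[^,]+), (?P<data>.*?))?, , \[(?P<item>[0-9a-f]+)\],?$"
)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def registry_view(hive, path):
    """Label which registry view a key lives in (labels chosen for this example)."""
    if hive == "HKU":
        # First path component under HKU is the account SID.
        return "per-user " + path.split("\\", 1)[0]
    if path.upper().startswith("SOFTWARE\\WOW6432NODE\\"):
        return "machine, 32-bit view"
    return "machine, 64-bit view"


def parse_detections(log_text):
    """Return one dict per detection line; every other log line is skipped."""
    found = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        guid = GUID_RE.search(m["path"])
        found.append({
            "name": m["name"],
            "view": registry_view(m["hive"], m["path"]),
            # The log prints the GUID upper-case for keys and lower-case for values.
            "guid": guid.group(0).lower() if guid else None,
            "value": m["value"],   # None for a key detection
            "data": m["data"],
        })
    return found


def summarize(detections):
    """Group detections by search-provider GUID, case-insensitively."""
    groups = defaultdict(
        lambda: {"views": set(), "hosts": set(), "keys": 0, "values": 0}
    )
    for d in detections:
        g = groups[d["guid"]]
        g["views"].add(d["view"])
        if d["value"] is None:
            g["keys"] += 1
        else:
            g["values"] += 1
            if d["value"].upper() == "URL":
                g["hosts"].add(urlsplit(d["data"]).hostname)
    return dict(groups)


if __name__ == "__main__":
    for guid, g in summarize(parse_detections(SAMPLE_LOG)).items():
        print(guid, sorted(g["views"]), sorted(g["hosts"]), g["keys"], g["values"])
```

Run over the posted log, the three "Registry Keys" and three "Registry Values" collapse to a single Internet Explorer search provider whose URL points at eu.ask.com, registered in both machine views and in one user's hive.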

 

 




 


#2 buddy215

buddy215

  • Moderator
  • 13,501 posts

Posted 19 May 2016 - 06:19 AM

If you used the manufacturer's software to reinstall... that could have been the source.

 

You can check further using the programs below.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Zone out

Zone out
  • Topic Starter

  • Members
  • 94 posts

Posted 19 May 2016 - 09:37 PM

I couldn't get Eset to run.  Also I tried to set Mbam to scan for rootkits and got this message.

 

Unable to load the anti rootkit DDA driver - may be caused by rootkit activity

 

SDK scanning error: 200025

 

Here are the logs.

 

# AdwCleaner v5.117 - Logfile created 20/05/2016 at 11:27:37
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : a - A-HP
# Running from : C:\Users\b\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\a\appData\Local\PackageAware

***** [ Files ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

\AdwCleaner\AdwCleaner[S1].txt - [735 bytes] - [20/05/2016 11:27:37]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [805 bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by a (Administrator) on Fri 05/20/2016 at 11:46:53.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 0

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/20/2016 at 11:48:13.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 Zone out

Zone out
  • Topic Starter

  • Members
  • 94 posts

Posted 19 May 2016 - 11:44 PM

UPDATE:  I am not currently getting the message about the Mbam rootkit driver that I mentioned in my previous post and Mbam appears to be scanning normally.



#5 Zone out

Zone out
  • Topic Starter

  • Members
  • 94 posts

Posted 20 May 2016 - 03:48 AM

I got the Eset scan to run and it came back clean but I also got the "Unable to load the anti rootkit DDA driver - may be caused by rootkit activity" message again.



#6 buddy215

buddy215

  • Moderator
  • 13,501 posts

Posted 20 May 2016 - 05:26 AM

Did MBAM complete a scan? The first results you posted don't show you allowed MBAM to delete Ask.

 

Package Aware may have been downloaded intentionally or unintentionally. If you did not download it intentionally, allow AdwCleaner to Delete it by clicking on Clean after scan.

 

That MBAM message seems to not have a one size fits all solution.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#7 Zone out

Zone out
  • Topic Starter

  • Members
  • 94 posts

Posted 20 May 2016 - 06:02 AM

After I ran the first scan I had mbam remove all the entries it found and they have not returned.

 

Windows startups

Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run SandboxieControl Sandboxie Holdings, LLC "C:\Program Files\Sandboxie\SbieCtrl.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
Yes HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe

 

 

Scheduled tasks

Yes Task ActivateWindowsSearch  %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch \Microsoft\Windows\Media Center
Yes Task AikCertEnrollTask   \Microsoft\Windows\CertificateServicesClient
Yes Task AnalyzeSystem   \Microsoft\Windows\Power Efficiency Diagnostics
No Task Automatic-Device-Join Microsoft Corporation %SystemRoot%\System32\dsregcmd.exe \Microsoft\Windows\Workplace Join
No Task AutoWake   \Microsoft\Windows\SideShow
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) \
Yes Task CleanupTemporaryState Microsoft Corporation %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState \Microsoft\Windows\ApplicationData
Yes Task ConfigureInternetTimeService  %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService \Microsoft\Windows\Media Center
Yes Task Consolidator Microsoft Corporation %SystemRoot%\System32\wsqmcons.exe \Microsoft\Windows\Customer Experience Improvement Program
Yes Task CryptoPolicyTask   \Microsoft\Windows\CertificateServicesClient
No Task Data Integrity Scan   \Microsoft\Windows\Data Integrity Scan
Yes Task Diagnostics Microsoft Corporation %windir%\system32\disksnapshot.exe -z \Microsoft\Windows\DiskFootprint
Yes Task DispatchRecoveryTasks  %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) \Microsoft\Windows\Media Center
Yes Task DmClient Microsoft Corporation %windir%\system32\dmclient.exe \Microsoft\Windows\Feedback\Siuf
Yes Task DsSvcCleanup Microsoft Corporation %windir%\system32\dstokenclean.exe \Microsoft\Windows\ApplicationData
Yes Task EDP Policy Manager   \Microsoft\Windows\AppID
Yes Task ehDRMInit  %SystemRoot%\ehome\ehPrivJob.exe /DRMInit \Microsoft\Windows\Media Center
Yes Task EnableErrorDetailsUpdate   \Microsoft\Windows\ErrorDetails
No Task ErrorDetailsUpdate   \Microsoft\Windows\ErrorDetails
Yes Task FamilySafetyMonitor Microsoft Corporation %windir%\System32\wpcmon.exe \Microsoft\Windows\Shell
Yes Task FamilySafetyRefresh   \Microsoft\Windows\Shell
Yes Task File History (maintenance mode)   \Microsoft\Windows\FileHistory
Yes Task ForceSynchronizeTime   \Microsoft\Windows\Time Synchronization
No Task HiveUploadTask   \Microsoft\Windows\User Profile Service
No Task HybridDriveCachePrepopulate   \Microsoft\Windows\Sysmain
No Task HybridDriveCacheRebalance   \Microsoft\Windows\Sysmain
Yes Task IndexerAutomaticMaintenance   \Microsoft\Windows\Shell
Yes Task InstallPlayReady  %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) \Microsoft\Windows\Media Center
Yes Task KeyPreGenTask   \Microsoft\Windows\CertificateServicesClient
Yes Task LPRemove Microsoft Corporation %windir%\system32\lpremove.exe \Microsoft\Windows\MUI
No Task Maintenance Install Microsoft Corporation %systemroot%\system32\usoclient.exe StartInstall \Microsoft\Windows\UpdateOrchestrator
No Task MapsUpdateTask   \Microsoft\Windows\Maps
Yes Task mcupdate  %SystemRoot%\ehome\mcupdate $(Arg0) \Microsoft\Windows\Media Center
Yes Task mcupdate_scheduled  %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 \Microsoft\Windows\Media Center
Yes Task MediaCenterRecoveryTask  %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask \Microsoft\Windows\Media Center
Yes Task Microsoft Compatibility Appraiser Microsoft Corporation %windir%\system32\compattelrunner.exe \Microsoft\Windows\Application Experience
Yes Task MNO Metadata Parser Microsoft Corporation %SystemRoot%\System32\MbaeParserTask.exe \Microsoft\Windows\Mobile Broadband Accounts
Yes Task MobilityManager   \Microsoft\Windows\Ras
Yes Task ObjectStoreRecoveryTask  %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask \Microsoft\Windows\Media Center
Yes Task OCURActivate  %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate \Microsoft\Windows\Media Center
Yes Task OCURDiscovery  %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) \Microsoft\Windows\Media Center
Yes Task PBDADiscovery  %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery \Microsoft\Windows\Media Center
Yes Task PBDADiscoveryW1  %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery \Microsoft\Windows\Media Center
Yes Task PBDADiscoveryW2  %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery \Microsoft\Windows\Media Center
No Task PeriodicScanRetry  %windir%\ehome\MCUpdate.exe -pscn 0 \Microsoft\Windows\Media Center
Yes Task Plug and Play Cleanup   \Microsoft\Windows\Plug and Play
No Task Policy Install Microsoft Corporation %systemroot%\system32\usoclient.exe StartInstall \Microsoft\Windows\UpdateOrchestrator
No Task PolicyConverter Microsoft Corporation %windir%\system32\appidpolicyconverter.exe \Microsoft\Windows\AppID
Yes Task ProactiveScan   \Microsoft\Windows\Chkdsk
Yes Task ProgramDataUpdater Microsoft Corporation %windir%\system32\compattelrunner.exe -maintenance \Microsoft\Windows\Application Experience
Yes Task Proxy Microsoft Corporation %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations \Microsoft\Windows\Autochk
Yes Task PvrRecoveryTask  %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask \Microsoft\Windows\Media Center
Yes Task PvrScheduleTask  %SystemRoot%\ehome\mcupdate.exe -PvrSchedule \Microsoft\Windows\Media Center
Yes Task QueueReporting Microsoft Corporation %windir%\system32\wermgr.exe -upload \Microsoft\Windows\Windows Error Reporting
Yes Task Reboot Microsoft Corporation %systemroot%\system32\MusNotification.exe \Microsoft\Windows\UpdateOrchestrator
No Task RecordingRestart  %SystemRoot%\ehome\ehrec /RestartRecording \Microsoft\Windows\Media Center
Yes Task RegisterSearch  %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) \Microsoft\Windows\Media Center
Yes Task ReindexSearchRoot  %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot \Microsoft\Windows\Media Center
Yes Task ResPriStaticDbSync   \Microsoft\Windows\Sysmain
No Task Resume On Boot Microsoft Corporation %systemroot%\system32\usoclient.exe ResumeUpdate \Microsoft\Windows\UpdateOrchestrator
Yes Task Schedule Scan Microsoft Corporation %systemroot%\system32\usoclient.exe StartScan \Microsoft\Windows\UpdateOrchestrator
Yes Task Scheduled Start Microsoft Corporation C:\WINDOWS\system32\sc.exe start wuauserv \Microsoft\Windows\WindowsUpdate
Yes Task ScheduledDefrag Microsoft Corp. %windir%\system32\defrag.exe -c -h -o -$ \Microsoft\Windows\Defrag
Yes Task Secure-Boot-Update   \Microsoft\Windows\PI
Yes Task SetupCleanupTask   \Microsoft\Windows\Setup
Yes Task SmartScreenSpecific   \Microsoft\Windows\AppID
Yes Task SpaceAgentTask Microsoft Corporation %windir%\system32\SpaceAgent.exe \Microsoft\Windows\SpacePort
Yes Task SpaceManagerTask Microsoft Corporation %windir%\system32\SpaceMan.exe /Repair \Microsoft\Windows\SpacePort
Yes Task SqlLiteRecoveryTask  %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask \Microsoft\Windows\Media Center
Yes Task Sqm-Tasks   \Microsoft\Windows\PI
Yes Task SR Microsoft Corporation %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation \Microsoft\Windows\SystemRestore
Yes Task StartComponentCleanup   \Microsoft\Windows\Servicing
Yes Task Storage Tiers Management Initialization   \Microsoft\Windows\Storage Tiers Management
No Task Storage Tiers Optimization Microsoft Corp. %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500 \Microsoft\Windows\Storage Tiers Management
Yes Task SynchronizeTime Microsoft Corporation %windir%\system32\sc.exe start w32time task_started \Microsoft\Windows\Time Synchronization
Yes Task SynchronizeTimeZone Microsoft Corporation %windir%\system32\tzsync.exe \Microsoft\Windows\Time Zone
Yes Task Sysprep Generalize Drivers Microsoft Corporation %SystemRoot%\System32\drvinst.exe 6 \Microsoft\Windows\Plug and Play
No Task SystemDataProviders   \Microsoft\Windows\SideShow
Yes Task SystemTask   \Microsoft\Windows\CertificateServicesClient
Yes Task Tpm-HASCertRetr   \Microsoft\Windows\TPM
Yes Task Tpm-Maintenance   \Microsoft\Windows\TPM
No Task Uninstallation   \Microsoft\Windows\LanguageComponentsInstaller
Yes Task UninstallDeviceTask Microsoft Corporation BthUdTask.exe $(Arg0) \Microsoft\Windows\Bluetooth
Yes Task UpdateRecordPath  %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) \Microsoft\Windows\Media Center
Yes Task UPnPHostConfig Microsoft Corporation sc.exe config upnphost start= auto \Microsoft\Windows\UPnP
Yes Task USO_UxBroker_Display Microsoft Corporation C:\windows\system32\MusNotification.exe Display \Microsoft\Windows\UpdateOrchestrator
Yes Task USO_UxBroker_ReadyToReboot Microsoft Corporation C:\windows\system32\MusNotification.exe ReadyToReboot \Microsoft\Windows\UpdateOrchestrator
No Task VerifiedPublisherCertStoreCheck Microsoft Corporation %windir%\system32\appidcertstorecheck.exe \Microsoft\Windows\AppID
Yes Task WIM-Hash-Management   \Microsoft\Windows\WOF
No Task WIM-Hash-Validation   \Microsoft\Windows\WOF
Yes Task Windows Defender Cache Maintenance Microsoft Corporation %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance \Microsoft\Windows\Windows Defender
Yes Task Windows Defender Cleanup Microsoft Corporation %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup \Microsoft\Windows\Windows Defender
Yes Task Windows Defender Scheduled Scan Microsoft Corporation %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob \Microsoft\Windows\Windows Defender
Yes Task Windows Defender Verification Microsoft Corporation %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification \Microsoft\Windows\Windows Defender
Yes Task WinSAT   \Microsoft\Windows\Maintenance
Yes Task WsSwapAssessmentTask Microsoft Corporation %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask \Microsoft\Windows\Sysmain
Yes Task WSTask   \Microsoft\Windows\WS

 

 

Installed Programs

3D Builder Microsoft Corporation 5/19/2016  10.10.38.0
Alarms & Clock Microsoft Corporation 5/19/2016  10.1603.12020.0
App connector Microsoft Corporation 5/19/2016  1.3.3.0
Atheros Driver Installation Program Atheros 5/9/2016 25.6 MB 9.0
Calculator Microsoft Corporation 5/19/2016  10.1601.49020.0
Camera Microsoft Corporation 5/19/2016  2016.325.60.0
CCleaner Piriform 5/20/2016 17.8 MB 5.17
Cisco EAP-FAST Module Cisco Systems, Inc. 5/9/2016 1.52 MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 5/9/2016 838 KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 5/9/2016 1.28 MB 1.1.6
Get Office Microsoft Corporation 5/20/2016  17.7012.23531.0
Get Skype Skype 5/19/2016  3.2.1.0
Get Started Microsoft Corporation 5/19/2016  3.5.11.0
Groove Music Microsoft Corporation 5/19/2016  3.6.15131.0
IDT Audio IDT 5/9/2016 117 MB 1.0.6292.0
Intel® Graphics Media Accelerator Driver Intel Corporation 5/10/2016  8.15.10.2189
Intel® Management Engine Components Intel Corporation 5/10/2016  6.0.0.1179
Intel® Rapid Storage Technology Intel Corporation 5/11/2016  9.6.2.1001
Mail and Calendar Microsoft Corporation 5/20/2016  17.6868.40731.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 5/19/2016 56.7 MB 2.2.1.1043
Maps Microsoft Corporation 5/20/2016  4.1603.1190.0
Messaging + Skype Microsoft Corporation 5/19/2016  2.15.20002.0
Microsoft Office 2010 Microsoft Corporation 10/21/2010 10.6 MB 14.0.4763.1000
Microsoft Silverlight Microsoft Corporation 10/21/2010 40.8 MB 4.0.50401.0
Microsoft Solitaire Collection Microsoft Studios 5/20/2016  3.9.5100.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10/21/2010 3.39 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10/21/2010 852 KB 8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 5/9/2016 1.38 MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10/21/2010 1.53 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 5/9/2016 1.06 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/21/2010 1.16 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 5/9/2016 639 KB 9.0.30729.4148
Microsoft Wi-Fi Microsoft Corporation 5/19/2016  1.1604.4.0
Money Microsoft Corporation 5/19/2016  4.9.51.0
Movies & TV Microsoft Corporation 5/20/2016  3.6.19761.0
Mozilla Firefox 46.0.1 (x64 en-US) Mozilla 5/20/2016 101 MB 46.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 5/11/2016 2.55 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 5/11/2016 2.67 MB 4.20.9876.0
News Microsoft Corporation 5/19/2016  4.9.51.0
OneNote Microsoft Corporation 5/20/2016  17.6965.57691.0
People Microsoft Corporation 5/19/2016  10.0.10811.0
Phone Microsoft Corporation 5/19/2016  2.15.28004.0
Phone Companion Microsoft Corporation 5/19/2016  10.1602.3010.0
Photos Microsoft Corporation 5/19/2016  16.325.12390.0
Realtek Ethernet Controller Driver For Windows 7 Realtek 5/9/2016 10.8 MB 7.23.623.2010
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 5/9/2016 28.5 MB 6.1.7600.30111
Sandboxie 5.10 (64-bit) Sandboxie Holdings, LLC 5/11/2016  5.10
SoftStylus Motorola 5/9/2016 174 MB 2.2.135.3
Sports Microsoft Corporation 5/19/2016  4.9.51.0
Store Microsoft Corporation 5/19/2016  11602.1.26.0
Sway Microsoft Corporation 5/19/2016  17.6965.45161.0
Synaptics Pointing Device Driver Synaptics Incorporated 5/11/2016 46.4 MB 19.0.12.98
Twitter Twitter Inc. 5/20/2016  5.0.4.0
Voice Recorder Microsoft Corporation 5/19/2016  10.1512.21110.0
Weather Microsoft Corporation 5/19/2016  4.9.51.0
Windows DVD Player Microsoft Corporation 5/19/2016  3.6.13291.0
Windows Live Essentials Microsoft Corporation 10/21/2010  15.4.3502.0922
Xbox Microsoft Corporation 5/19/2016  15.17.3003.0
 


 



#8 buddy215

buddy215

  • Moderator
  • 13,501 posts

Posted 20 May 2016 - 06:43 AM

Uninstall or update...... Microsoft Silverlight Microsoft Corporation 10/21/2010 40.8 MB 4.0.50401.0

Uninstall....Windows Live Essentials Microsoft Corporation 10/21/2010  15.4.3502.0922

 

Other than that...I'd say you are good to go.



#9 Zone out

Zone out
  • Topic Starter

  • Members
  • 94 posts

Posted 20 May 2016 - 07:24 AM

Is there a rootkit scan that I could run, just in case that mbam message was on to something?



#10 buddy215

buddy215

  • Moderator
  • 13,501 posts

Posted 20 May 2016 - 07:48 AM

Here is one of several programs for finding and removing rootkits...but I don't think you need to be concerned about the MBAM message.

Rootkit Remover | Bitdefender Labs

 

You have Windows scanning for malware which includes rootkits.



#11 Zone out

Zone out
  • Topic Starter

  • Members
  • 94 posts

Posted 20 May 2016 - 09:38 PM

I ran the Bitdefender scan and TDSSKiller and both were fine; everything else is running well.

 

Thanks for your help.



#12 buddy215

buddy215

  • Moderator
  • 13,501 posts

Posted 21 May 2016 - 11:01 AM

Good...you're welcome...happy surfin'





