Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Think I might be infected


  • Please log in to reply
10 replies to this topic

#1 fabfifie

fabfifie

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 26 June 2016 - 04:12 AM

Hi my home page keeps reverting to MSN no matter how often I change it back to my preferred homepage. Have I got a virus?



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,887 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:38 AM

Posted 26 June 2016 - 06:28 AM

Most likely some adware...use the programs below to find and remove both adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 fabfifie

fabfifie
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 01 July 2016 - 06:51 AM

Apologies for the delay have been away on business. The four logs are below:

 

# AdwCleaner v5.201 - Logfile created 01/07/2016 at 09:02:21
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : GeorgeBrown - GEORGE-PC
# Running from : C:\Users\GeorgeBrown\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : iWinTrusted

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\iWin
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[-] Folder Deleted : C:\Program Files (x86)\iwintoolbarforpogo
[-] Folder Deleted : C:\Users\GeorgeBrown\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\GeorgeBrown\AppData\LocalLow\iwintoolbarforpogo
[-] Folder Deleted : C:\Users\GeorgeBrown\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc

***** [ Files ] *****

[-] File Deleted : C:\Users\GeorgeBrown\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejocekekgcaldnmjngfdbmbeebcekelc_0.localstorage
[-] File Deleted : C:\Users\GeorgeBrown\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejocekekgcaldnmjngfdbmbeebcekelc

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\SOFTWARE\Microsoft\IntelliPoint\AppSpecific\PogoDGC.exe
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d925bc12-7440-413e-a040-cef15508f0c5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44E6B68E-8DA5-4093-921B-7275E5B3906A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d925bc12-7440-413e-a040-cef15508f0c5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d925bc12-7440-413e-a040-cef15508f0c5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d925bc12-7440-413e-a040-cef15508f0c5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d925bc12-7440-413e-a040-cef15508f0c5}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{d925bc12-7440-413e-a040-cef15508f0c5}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{d925bc12-7440-413e-a040-cef15508f0c5}]
[-] Key Deleted : HKCU\Software\PogoDGC
[-] Key Deleted : HKLM\SOFTWARE\PogoDGC
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PogoDGC
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{304E1DE5-9F24-45AB-828D-45B053BEE9FC}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{8E7E22A4-877E-451A-A91B-704EDFC1A7D2}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{04DAB1A8-80C7-48FE-AAF1-732AF392E397}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{D36AFB11-D81C-4087-B7A5-443A592AF490}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{67C2A514-48E5-4362-A1E4-CFF77ACB5BCA}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{E2B8D53E-EE31-4B50-8D0C-15C5935CFE30}]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

[-] [C:\Users\GeorgeBrown\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\GeorgeBrown\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : nortonsafe.search.ask.com
[-] [C:\Users\GeorgeBrown\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearchdial.com
[-] [C:\Users\GeorgeBrown\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ejocekekgcaldnmjngfdbmbeebcekelc

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4784 bytes] - [01/07/2016 09:02:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [4853 bytes] - [01/07/2016 09:01:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4930 bytes] ##########

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by GeorgeBrown (Administrator) on 01/07/2016 at  9:08:45.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 4

Successfully deleted: C:\Users\GeorgeBrown\Documents\add-in express (Folder)
Successfully deleted: C:\WINDOWS\SysWOW64\REN34A3.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENA038.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENDABB.tmp (File)

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5FE02F5531D0BABC1A1261A84C16C04C (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/07/2016 at  9:10:30.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01/07/2016
Scan Time: 08:26
Logfile: scanlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.01.02
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: GeorgeBrown

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358919
Time Elapsed: 23 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Visicom.OL, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\iwintoolbarforpogo, Quarantined, [4591f62841593ef83f2ac52fc93802fe],

Registry Values: 1
PUP.Optional.MySearchDial, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, Quarantined, [27af61bd0b8ff93d8b19406dd23117e9]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.iWin, C:\Users\GeorgeBrown\AppData\LocalLow\encyclopediabritannicagamesbar, Quarantined, [b71fdd418e0c181e2e349c28ce34738d],

Files: 2
PUP.Optional.Visicom.OL, C:\Program Files (x86)\iwintoolbarforpogo\dtuser.exe, Quarantined, [379fd04e95052f07c9a09361bf4226da],
PUP.Optional.Visicom.OL, C:\Program Files (x86)\iwintoolbarforpogo\uninstall.exe, Quarantined, [4591f62841593ef83f2ac52fc93802fe],

Physical Sectors: 0
(No malicious items detected)

(end)

 

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbar.dll.vir a variant of Win32/Toolbar.Visicom.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX.dll.vir a variant of Win32/Toolbar.Visicom.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll.vir a variant of Win64/Toolbar.Visicom.A potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting

 



#4 buddy215

buddy215

  • BC Advisor
  • 12,887 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:38 AM

Posted 01 July 2016 - 12:19 PM

Chrome extension...ejocekekgcaldnmjngfdbmbeebcekelc....Spots: make your homepage cool and useful, with a tastefully designed start page, ...

 

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 fabfifie

fabfifie
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 03 July 2016 - 09:46 AM

Start Up

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-MicrosoftAccount-george-brown@sky.com Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask  C:\Windows\BrowserChoice\browserchoice.exe /launch
Yes Task GarminUpdaterTask  C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-3683832353-135989344-1929409-1001  
Yes Task PGAutoUpdate PC Tools G:\Program Files\PC Tools\PC Tools Privacy Guardian\SULauncher.exe
Yes Task PGSchedule PC Tools G:\Program Files\PC Tools\PC Tools Privacy Guardian\pg.exe /SF
Yes Task RunAsStdUser Task  F:\Program Files (x86)\Pogo Games\PogoDGC.exe
Yes Task {C27229A1-EB00-4013-B33E-2CF6345D6ADE} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a F:\Office10\MSACCESS.EXE -d C:\WINDOWS\System32
Yes Task {DD9E492B-703B-4FE2-9266-8C147F7746AB} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.exe -c REMOVE=TRUE MODIFY=FALSE

 

Scheduled

 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-MicrosoftAccount-george-brown@sky.com Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask  C:\Windows\BrowserChoice\browserchoice.exe /launch
Yes Task GarminUpdaterTask  C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-3683832353-135989344-1929409-1001  
Yes Task PGAutoUpdate PC Tools G:\Program Files\PC Tools\PC Tools Privacy Guardian\SULauncher.exe
Yes Task PGSchedule PC Tools G:\Program Files\PC Tools\PC Tools Privacy Guardian\pg.exe /SF
Yes Task RunAsStdUser Task  F:\Program Files (x86)\Pogo Games\PogoDGC.exe
Yes Task {C27229A1-EB00-4013-B33E-2CF6345D6ADE} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a F:\Office10\MSACCESS.EXE -d C:\WINDOWS\System32
Yes Task {DD9E492B-703B-4FE2-9266-8C147F7746AB} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.exe -c REMOVE=TRUE MODIFY=FALSE

 

Uninstall

 

3D Builder Microsoft Corporation 28/05/2016  11.1.8.0
7-Zip 9.20  07/01/2016  
ABBYY FineReader 6.0 Sprint ABBYY Software House 14/04/2014 119 MB 6.00.1395.4512
Adobe Acrobat Reader DC Adobe Systems Incorporated 03/06/2016 1.08 GB 15.016.20045
Adobe AIR Adobe Systems Incorporated 15/01/2016 22.5 MB 17.0.0.172
Adobe Bridge CC (64 Bit) Adobe Systems Incorporated 10/02/2016 2.71 GB 6.2
Adobe Creative Cloud Adobe Systems Incorporated 07/01/2016  2.5.0.367
Adobe Flash Player 22 NPAPI Adobe Systems Incorporated 17/06/2016 9.26 MB 22.0.0.192
Adobe Photoshop CC Adobe Systems Incorporated 17/06/2016 109 MB 14.0
Adobe Photoshop CS6 Adobe Systems Incorporated 17/06/2016 5.25 GB 13.0
Adobe Photoshop Lightroom 5.7.1 64-bit Adobe Systems Incorporated 25/08/2015 3.22 GB 5.7.1
AIWI Aibelive Co., Ltd. 13/04/2014 30.5 MB 1.1.2.05202
AIWI JoyStick aibelive 13/04/2014 309 KB 1.0.0
Alarms & Clock Microsoft Corporation 01/07/2016  10.1605.1623.0
Amazon Music Amazon Services LLC 07/01/2016  3.11.5.1140
App connector Microsoft Corporation 07/01/2016  1.3.3.0
Apple Application Support (32-bit) Apple Inc. 20/05/2016 152 MB 4.3.1
Apple Application Support (64-bit) Apple Inc. 20/05/2016 170 MB 4.3.1
Apple Mobile Device Support Apple Inc. 20/05/2016 43.2 MB 9.3.0.15
Apple Software Update Apple Inc. 18/03/2016 4.91 MB 2.2.0.150
Audacity 1.2.6  15/01/2016 8.28 MB 
BCL easyConverter SDK 3 (Word Version) 64 BCL Technologies 22/04/2014 5.03 MB 3.0.64
Belkin AC Wireless USB Adapter Belkin 13/04/2014 26.3 MB 1.00.0001
Bonjour Apple Inc. 19/09/2015 3.28 MB 3.1.0.1
Calculator Microsoft Corporation 01/07/2016  10.1605.1582.0
Camera Microsoft Corporation 28/05/2016  2016.404.120.0
Candy Crush Saga king.com 01/07/2016  1.780.8.0
CCleaner Piriform 01/07/2016 18.1 MB 5.19
Classic FTP NCH Software 15/01/2016 44.0 KB 2.38
Core FTP Server  07/01/2016  
CyberLink BD Advisor 2.0  07/01/2016  
CyberLink DVD Suite CyberLink Corp. 14/04/2014 17.9 MB 7.0.1028
CyberLink InstantBurn CyberLink Corp. 15/01/2016 14.5 MB 5.0.3426
CyberLink LabelPrint CyberLink Corp. 14/04/2014 58.6 MB 2.5.1007
CyberLink MediaShow CyberLink Corp. 14/04/2014 153 MB 4.1.2019
CyberLink PhotoNow CyberLink Corp. 14/04/2014 10.3 MB 1.1.5615
CyberLink Power2Go CyberLink Corp. 14/04/2014 60.2 MB 6.0.2001
CyberLink PowerBackup CyberLink Corp. 15/01/2016 11.9 MB 2.5.3425
CyberLink PowerDirector CyberLink Corp. 14/04/2014 232 MB 7.0.2125
CyberLink PowerDVD 8 CyberLink Corp. 14/04/2014 46.1 MB 8.0.2217
CyberLink PowerDVD Copy CyberLink Corp. 15/01/2016 11.4 MB 1.0.5611
CyberLink PowerProducer CyberLink Corp. 14/04/2014 148 MB 5.0.1.0828
Device Simulation Framework 1.0.1 Microsoft 13/04/2014 6.21 MB 1.0.1
DoNotTrackMe Add-on 3.2.1166 Abine Inc 25/09/2014 8.39 MB 3.2.1166
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 14/04/2014 96.2 MB 2.1.0.0
EPSON Scan  07/01/2016  
Epson Stylus SX210_SX410_TX210_TX410 Manual  15/01/2016 6.50 MB 
EPSON SX210 Series Printer Uninstall SEIKO EPSON Corporation 07/01/2016  
ESET Online Scanner v3  07/01/2016  
Family Tree Maker 2014  13/04/2014 361 MB 
Family Tree Maker 2014 Ancestry.com, Inc. 15/01/2016 361 MB 22.0.207
File Shredder 2.5 Pow Tools 13/04/2014 6.03 MB 
FileZilla Client 3.8.1 Tim Kosse 15/01/2016 17.8 MB 3.8.1
Films & TV Microsoft Corporation 27/06/2016  3.6.21441.0
Fling File Transfer NCH Software 15/01/2016 145 KB 2.35
Garmin Express Garmin Ltd or its subsidiaries 15/01/2016 155 MB 4.0.15.0
Get Office Microsoft Corporation 10/06/2016  17.7031.23501.0
Get Skype Skype 07/01/2016  3.2.1.0
Get Started Microsoft Corporation 01/07/2016  3.11.1.0
Glance 2.9 Glance Networks, Inc. 19/12/2014 3.67 MB 
Google Chrome Google Inc. 18/04/2014 489 MB 51.0.2704.103
Groove Music Microsoft Corporation 27/06/2016  3.6.22051.0
iCloud Apple Inc. 20/05/2016 162 MB 5.2.1.69
Indeo® software  07/01/2016  
iTranslate - translator & dictionary Sonico GmbH 07/01/2016  1.2.0.0
iTunes Apple Inc. 10/06/2016 282 MB 12.4.1.6
Java 8 Update 91 Oracle Corporation 20/05/2016 178 MB 8.0.910.14
Java 8 Update 91 (64-bit) Oracle Corporation 20/05/2016 204 MB 8.0.910.14
Mail and Calendar Microsoft Corporation 27/06/2016  17.6965.40901.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 01/07/2016 57.4 MB 2.2.1.1043
Maps Microsoft Corporation 27/06/2016  5.1606.1670.0
Messaging + Skype Microsoft Corporation 09/05/2016  2.15.20002.0
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 14/08/2015 2.47 MB 4.0.40804.0
Microsoft Mahjong Microsoft Studios 07/01/2016  2.5.1508.1801
Microsoft Mouse and Keyboard Center Microsoft Corporation 15/01/2016 37.6 MB 2.5.166.0
Microsoft Office 365 - en-us Microsoft Corporation 01/07/2016 118 MB 16.0.6965.2058
Microsoft Office File Validation Add-In Microsoft Corporation 10/06/2016 54.2 MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 07/01/2016  12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 01/07/2016 143 MB 5.1.50428.0
Microsoft Solitaire Collection Microsoft Studios 03/06/2016  3.9.5250.0
Microsoft Treasure Hunt Microsoft Studios 07/01/2016  1.0.1405.747
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17/04/2014 10.7 MB 8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 21/04/2014 11.1 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 21/04/2014 23.8 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 22/04/2014 23.0 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 20/06/2014 9.01 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 13/04/2014 9.01 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21/04/2014 9.00 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15/04/2014 8.36 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 20/02/2015 41.7 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 20/02/2015 23.6 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 07/01/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 07/01/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 26/01/2016 20.5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 07/01/2016 17.1 MB 12.0.21005.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 01/07/2016 22.8 MB 10.0.50903
Microsoft WiFi Microsoft Corporation 09/05/2016  1.1604.4.0
Money Microsoft Corporation 01/07/2016  4.11.156.0
MSI Afterburner 2.2.4 MSI Co., LTD 07/01/2016  2.2.4
MSI_Drivers_x64 Belkin 13/04/2014 12.2 MB 6.30.61.21
MSN Food & Drink Microsoft Corporation 07/01/2016  3.0.4.336
MSN Health & Fitness Microsoft Corporation 07/01/2016  3.0.4.336
MSN Travel Microsoft Corporation 07/01/2016  3.0.4.336
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 14/04/2014 5.04 MB 4.20.9818.0
Nikon FotoShare  07/01/2016  1.0.1.0
Nikon Message Center  15/01/2016 773 KB 0.91.000
Norton Security with Backup Symantec Corporation 27/11/2015 706 MB 22.6.0.142
NVIDIA 3D Vision Controller Driver 352.65 NVIDIA Corporation 26/01/2016 8.52 MB 352.65
NVIDIA 3D Vision Driver 361.43 NVIDIA Corporation 26/01/2016 31.6 MB 361.43
NVIDIA GeForce Experience 2.9.1.22 NVIDIA Corporation 26/01/2016 26.9 MB 2.9.1.22
NVIDIA Graphics Driver 361.43 NVIDIA Corporation 26/01/2016 548 MB 361.43
NVIDIA HD Audio Driver 1.3.34.4 NVIDIA Corporation 26/01/2016 8.42 MB 1.3.34.4
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 13/08/2015 348 MB 9.15.0428
OneNote Microsoft Corporation 01/07/2016  17.7070.58001.0
People Microsoft Corporation 08/04/2016  10.0.10811.0
Phone Microsoft Corporation 03/06/2016  2.17.27003.0
Phone Companion Microsoft Corporation 01/07/2016  10.1605.1661.0
Photos Microsoft Corporation 03/06/2016  16.526.11220.0
PictureProject Nikon 07/01/2016  1.0
Plants Vs Zombies: Game of the Year Edition Pogo.com 07/01/2016 47.9 MB 1.2.0.1073
QuickTime 7 Apple Inc. 04/07/2015 97.2 MB 7.77.80.95
Reader Microsoft Corporation 27/06/2016  6.4.9926.18339
Reader for PC Sony Corporation 11/01/2015 109 MB 2.4.01.10241
Reader Library by Sony Sony Corporation 10/01/2015 31.6 MB 3.3.00.07130
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 15/01/2016 40.7 MB 6.0.1.7535
Revo Uninstaller Pro 3.0.8 VS Revo Group, Ltd. 23/04/2014 34.8 MB 3.0.8
Rule the Kingdom GAME INSIGHT GLOBAL LIMITED 07/01/2016  5.0.0.39
Samsung Kies3 Samsung Electronics Co., Ltd. 06/09/2015 47.7 MB 3.2.15072.2
Skype Click to Call Microsoft Corporation 29/05/2016 42.5 MB 8.3.0.9150
Skype™ 7.7 Skype Technologies S.A. 06/08/2015 114 MB 7.7.103
Smart Switch Samsung Electronics Co., Ltd. 13/11/2015 32.4 MB 4.0.15104.7
Sport Microsoft Corporation 01/07/2016  4.11.156.0
Steam Valve Corporation 07/01/2016  
Store Microsoft Corporation 09/05/2016  11602.1.26.0
supra MusicSplitter SUPRA Foto-Elektronik-Vertriebs-GmbH 22/11/2014 34.9 MB 1.1.0.0
Sway Microsoft Corporation 27/06/2016  17.7070.45221.0
Total War: ROME II Creative Assembly 17/06/2016 24.5 GB 
Twitter Twitter Inc. 01/07/2016  5.1.3.0
uns uns 07/01/2016  1.0.1.7
VLC media player 2.1.3 VideoLAN 15/01/2016 95.6 MB 2.1.3
Voice Recorder Microsoft Corporation 27/06/2016  10.1605.1471.0
WD Drive Utilities Western Digital Technologies, Inc. 18/03/2016 33.0 MB 1.3.0.18
WD Quick View Western Digital Technologies, Inc. 11/03/2016 26.1 MB 2.4.14.13
WD Security Western Digital Technologies, Inc. 14/04/2014 22.5 MB 1.0.4.11
WD SmartWare Western Digital Technologies, Inc. 11/03/2016 103 MB 2.4.14.13
WD SmartWare Installer Western Digital Technologies, Inc. 11/03/2016 112 MB 2.4.14.13
Weather Microsoft Corporation 01/07/2016  4.11.156.0
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) Dynastream Innovations, Inc. 07/01/2016  04/11/2012 1.2.40.201
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) Silicon Labs Software 07/01/2016  02/06/2007 3.1
Windows Reading List Microsoft Corporation 27/06/2016  6.3.9654.21234
Windows Scan Microsoft Corporation 07/01/2016  6.3.9654.17133
WinZip 19.5 WinZip Computing, S.L.  26/06/2015 301 MB 19.5.11475
WYSIWYG Web Builder 6  07/01/2016  
Xbox Microsoft Corporation 27/06/2016  15.18.14017.0
Yahoo! Messenger Yahoo! Inc. 07/01/2016  
Zip Opener Tiny Opener 09/05/2016  1.1.0.27

 



#6 buddy215

buddy215

  • BC Advisor
  • 12,887 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:38 AM

Posted 03 July 2016 - 12:26 PM

Looks like you posted the Tasks list twice....instead of posting the Windows Startup list. Please post that 

list and the meantime I will look through these two and post suggestions. 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 buddy215

buddy215

  • BC Advisor
  • 12,887 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:38 AM

Posted 03 July 2016 - 12:41 PM

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right. 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes Task AdobeAAMUpdater-1.0-MicrosoftAccount-george-brown@sky.com Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled

Yes Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask  C:\Windows\BrowserChoice\browserchoice.exe /launch
Yes Task GarminUpdaterTask  C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task PGAutoUpdate PC Tools G:\Program Files\PC Tools\PC Tools Privacy Guardian\SULauncher.exe
Yes Task PGSchedule PC Tools G:\Program Files\PC Tools\PC Tools Privacy Guardian\pg.exe /SF
Yes Task RunAsStdUser Task  F:\Program Files (x86)\Pogo Games\PogoDGC.exe
Yes Task {C27229A1-EB00-4013-B33E-2CF6345D6ADE} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a F:\Office10\MSACCESS.EXE -d C:\WINDOWS\System32
Yes Task {DD9E492B-703B-4FE2-9266-8C147F7746AB} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.exe -c REMOVE=TRUE MODIFY=FALSE

 

 

Uninstall These programs: 

Adobe AIR Adobe Systems Incorporated 15/01/2016 22.5 MB 17.0.0.172

Candy Crush Saga king.com 01/07/2016  1.780.8.0

ESET Online Scanner v3  07/01/2016  

QuickTime 7 Apple Inc. 04/07/2015 97.2 MB 7.77.80.95

Skype Click to Call Microsoft Corporation 29/05/2016 42.5 MB 8.3.0.9150

Yahoo! Messenger Yahoo! Inc. 07/01/2016  
Zip Opener Tiny Opener 09/05/2016  1.1.0.27

 

Uninstall or Update....Adobe Acrobat Reader DC Adobe Systems Incorporated 03/06/2016 1.08 GB 15.016.20045 

Uninstall if not up to date and paid for....Norton Security with Backup Symantec Corporation 27/11/2015 706 MB 22.6.0.142


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#8 fabfifie

fabfifie
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 08 July 2016 - 03:03 AM

Start up

Yes HKCU:Run AdobeBridge  
No HKCU:Run Amazon Music Amazon Services LLC "C:\Users\GeorgeBrown\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run EPSON SX210 Series SEIKO EPSON CORPORATION C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\WINDOWS\TEMP\E_S67B5.tmp" /EF "HKCU"
No HKCU:Run iCloudDrive Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
No HKCU:Run iCloudPhotos Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
No HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
No HKCU:Run OneDrive Microsoft Corporation "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
No HKLM:Run Adobe Creative Cloud  "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run AdobeCS6ServiceManager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
No HKLM:Run CLMLServer CyberLink "F:\Power2Go\CLMLSvc.exe"
Yes HKLM:Run DriveUtilitiesHelper Western Digital Technologies, Inc. C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run P2Go_Menu CyberLink Corp. "F:\Power2Go\MUITransfer\MUIStartMenu.exe" "F:\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
No HKLM:Run PDVD8LanguageShortcut CyberLink F:\PowerDVD8\Language\Language.exe
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
No HKLM:Run RemoteControl8 Cyberlink Corp. F:\PowerDVD8\PDVD8Serv.exe
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run ShadowPlay Microsoft Corporation "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SwitchBoard Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes HKLM:Run UpdatePDRShortCut CyberLink Corp. "F:\DVD Suite\MUITransfer\MUIStartMenu.exe" "F:\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
Yes HKLM:Run UpdatePPShortCut CyberLink Corp. "F:\PowerProducer\MUITransfer\MUIStartMenu.exe" "F:\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
Yes HKLM:Run WD Drive Unlocker Western Digital Technologies, Inc. C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
No HKLM:Run WD Quick View Western Digital Technologies, Inc. C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
No Startup Common FAH.lnk Nico Mak Computing C:\Program Files\WinZip\FAH\FAHConsole.exe
No Startup Common NkbMonitor.exe.lnk Nikon Corporation F:\NkbMonitor.exe
No Startup Common WinZip Preloader.lnk WinZip Computing, S.L. C:\Program Files\WinZip\WzPreloader.exe
 



#9 buddy215

buddy215

  • BC Advisor
  • 12,887 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:38 AM

Posted 08 July 2016 - 05:58 AM

Disable these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run AdobeBridge

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GeorgeBrown\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"

Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run AdobeCS6ServiceManager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

Yes HKLM:Run ShadowPlay Microsoft Corporation "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SwitchBoard Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

Yes HKLM:Run UpdatePDRShortCut CyberLink Corp. "F:\DVD Suite\MUITransfer\MUIStartMenu.exe" "F:\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
Yes HKLM:Run UpdatePPShortCut CyberLink Corp. "F:\PowerProducer\MUITransfer\MUIStartMenu.exe" "F:\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"

 

Rerun AdwCleaner and be sure to choose Clean when scan finishes.

Run a scan using MBAM and allow it to delete/ quarantine whatever it finds.

 

After doing the above and rebooting....please tell me if the computer is performing up to par or what problems exist.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#10 fabfifie

fabfifie
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 08 July 2016 - 09:45 AM

thanks, nothing found and home page is now not reverting to MSN.   Many thanks for your assistance

 

cheers



#11 buddy215

buddy215

  • BC Advisor
  • 12,887 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:38 AM

Posted 08 July 2016 - 10:23 AM

Good...you're welcome...happy surfin'


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users