
How do I remove the Chrome Update virus?


14 replies to this topic

#1 Ayface


Posted 26 July 2016 - 02:50 AM

Hi, about a week ago I realized that something was downloaded onto my computer that I didn't approve of that was pretending to be a Chrome update. I scanned it with Malwarebytes and Windows Defender, but they both found no threats. I decided to then try to open it up but Windows prevented it. I soon forgot about it and went on.

 

However, today something else that was also pretending to be a Chrome update tried to randomly download itself, but Chrome luckily stopped it. I then remembered the other fake Chrome update and did some research, however I didn't want to follow instructions that weren't directed towards me. I went back in my files where the first Chrome update virus had put itself and saw something else there. These are the two files that were put in my downloads folder without me knowing:  

 

http://i.imgur.com/9C8nktl.png

 

I then went into my downloads on Chrome.

 

http://i.imgur.com/k4vkIMY.png

 

http://i.imgur.com/vb6DU3s.png

 

It had somehow allowed the first one but caught the second one. I'm very confused and I need help to remove this little bugger. Any and all help is appreciated. 

Also, I'm running on Windows 10 and have a 64-bit operating system if that helps.

 

Thanks!

 

 




 


#2 buddy215


Posted 26 July 2016 - 05:03 AM

Information on Chrome downloads.....What is a .CRDOWNLOAD File and Can You Delete It?

If something is downloading without your permission then that is likely adware or malware. Use the programs below to clean up, find and remove adware and malware.

I note that you have scanned with MBAM but be sure the settings are the same as in the instructions below and post a new scan log using those settings.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Ayface


Posted 26 July 2016 - 09:20 PM

Thank you for your information on Chrome downloads!

 

Logs:

 

Malwarebytes:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 7/26/2016
Scan Time: 4:29 PM
Logfile: malwarebytes log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.07.26.09
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Ayla
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316993
Time Elapsed: 11 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Booking, C:\Program Files\Booking.COM, Quarantined, [4b56aa7e7921be78d4c603b79f6540c0], 
 
Files: 4
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.com.lnk, Quarantined, [4b56aa7e7921be78d4c603b79f6540c0], 
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.ico, Quarantined, [4b56aa7e7921be78d4c603b79f6540c0], 
PUP.Optional.Booking, C:\Program Files\Booking.COM\StartURL.exe, Quarantined, [4b56aa7e7921be78d4c603b79f6540c0], 
PUP.Optional.Booking, C:\Program Files\Booking.COM\Version.txt, Quarantined, [4b56aa7e7921be78d4c603b79f6540c0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
AdwCleaner:
 
 
# AdwCleaner v5.201 - Logfile created 26/07/2016 at 17:21:59
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-26.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Ayla - AYLASCOMPUTER
# Running from : C:\Users\Ayla\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : swdumon
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\pokki
[#] Folder Deleted : C:\ProgramData\Application Data\pokki
[-] Folder Deleted : C:\Users\Public\Documents\Downloaded Installers
[-] Folder Deleted : C:\Program Files (x86)\Amazon\Amazon1ButtonApp
[-] Folder Deleted : C:\Users\Ayla\AppData\Local\SweetLabs App Platform
[-] Folder Deleted : C:\Users\Default User\AppData\Local\Pokki
[#] Folder Deleted : C:\Users\Default\AppData\Local\Pokki
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Ayla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
[-] File Deleted : C:\Users\Ayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] File Deleted : C:\Users\Ayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] File Deleted : C:\WINDOWS\SysNative\drivers\swdumon.sys
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : SweetLabs App Platform
[-] Task Deleted : ACC
[-] Task Deleted : Software Update Application
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_6f939df69d6785524f49659b9500d1f87280d9ff
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[-] Key Deleted : HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key Deleted : HKU\S-1-5-21-821474297-2908956192-4159563269-1001\Software\SweetLabs App Platform
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Ayla\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Ayla\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Ayla\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : homepage-web.com
[-] [C:\Users\Ayla\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxps://homepage-web.com/?s=acer&m=start
[-] [C:\Users\Ayla\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://homepage-web.com/?s=acer&m=home
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [3962 bytes] - [26/07/2016 17:21:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [4386 bytes] - [26/07/2016 17:19:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4108 bytes] ##########
 
 
 
Junkware Removal Tool
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Ayla (Administrator) on Tue 07/26/2016 at 18:07:27.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\ProgramData\mntemp (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD46A543-BD15-4F97-B9A3-8C2A9D9E77E5} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/26/2016 at 18:09:02.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
ESET Scan
 
 
C:\Users\Ayla\Downloads\chrome_update.bat PowerShell/TrojanDownloader.Agent.BO trojan cleaned by deleting
 
 
 
 
 

 

 



#4 Ayface


Posted 27 July 2016 - 12:49 AM

 


 

 

Sorry I didn't know if you would receive my post if I didn't do this.



#5 buddy215


Posted 27 July 2016 - 05:23 AM

Looks like Eset found the culprit doing the downloading......

C:\Users\Ayla\Downloads\chrome_update.bat PowerShell/TrojanDownloader.Agent.BO trojan cleaned by deleting
 
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply



#6 Ayface


Posted 27 July 2016 - 05:19 PM



 


 

 

Emsisoft didn't find anything.

 

Security Check:

 

SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 27.07.2016 17:15:39
Path starting: C:\Users\Ayla\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Ayla
VersionXML: 3.25is-27.07.2016
___________________________________________________________________________
 
Windows 10(6.3.10586) (x64) Core Lang: English(0409)
Installation date OS: 05.07.2016 00:58:01
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeO365HomePremR_SubTrial5 edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [913.9 Gb] Used: [226.2 Gb] Free: [687.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.494.10586.0
User Account Control enabled
Automatic download and scheduled installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4569.1506
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.30 beta 2 (64-bit) v.5.30.2 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 22 NPAPI v.22.0.0.209
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.106 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.51.0.2704.106
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
MBAMService (MBAMService) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.21.0
C:\Program Files\Windows Defender\MsMpEng.exe v.4.9.10586.494
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.9.10586.494
C:\Program Files\Windows Defender\MSASCui.exe v.4.9.10586.494
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
WildTangent Games v.1.0.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Update Installer for WildTangent Games App << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
WildTangent Games App v.4.0.11.13 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Amazon 1Button App v.1.0.8 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by ToolsLib). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------


#7 buddy215


Posted 27 July 2016 - 07:05 PM

Okay....last but not least...follow instructions below.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


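A PowerShell equivalent of the CCleaner Startups and Scheduled Tasks lists requested above, added here as an example and not part of the original post. The flagging rules (script interpreters, launches from Downloads or Temp) are assumptions of this example, chosen because the file ESET removed in this thread was a .bat PowerShell downloader sitting in the Downloads folder.

```powershell
# Added example: inventory autostart locations and flag entries worth a closer look.
# Run from an elevated prompt so machine-wide scheduled tasks are visible.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Heuristics (assumptions of this example, tune for your environment).
# AppData is deliberately not flagged: OneDrive, Spotify etc. start from there.
$scriptHost = '\b(powershell|pwsh|cmd|wscript|cscript|mshta)(\.exe)?\b|\.(bat|cmd|vbs|js|ps1)\b'
$userPath   = '\\(Downloads|Temp)\\'

function Get-Flag([string]$Command) {
    $flags = @()
    if ($Command -match $scriptHost) { $flags += 'script-host' }
    if ($Command -match $userPath)   { $flags += 'user-writable-path' }
    $flags -join ','
}

$entries = @()

# 1. Registry Run / RunOnce values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{
            Source = $key; Name = $name; Command = [string]$item.GetValue($name)
        }
    }
}

# 2. Startup folders (resolve .lnk shortcuts to their real target)
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($file in (Get-ChildItem -Path $dir -File | Where-Object Name -ne 'desktop.ini')) {
        $command = $file.FullName
        if ($file.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($file.FullName)
            $command = ("{0} {1}" -f $lnk.TargetPath, $lnk.Arguments).Trim()
        }
        $entries += [pscustomobject]@{ Source = $dir; Name = $file.Name; Command = $command }
    }
}

# 3. Scheduled tasks outside \Microsoft\ (built-in Windows tasks skipped to cut noise)
foreach ($task in (Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' })) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM-handler actions
        $entries += [pscustomobject]@{
            Source  = 'Task ' + $task.TaskPath
            Name    = $task.TaskName
            Command = ("{0} {1}" -f $action.Execute, $action.Arguments).Trim()
        }
    }
}

# Flagged entries first, then everything else grouped by source
$entries |
    Select-Object Source, Name, Command, @{ n = 'Flags'; e = { Get-Flag $_.Command } } |
    Sort-Object @{ e = { $_.Flags -eq '' } }, Source |
    Format-Table -AutoSize -Wrap
```

A flag is a prompt to inspect the entry, not a verdict; legitimate installers and updaters also use script hosts.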


#8 Ayface


Posted 27 July 2016 - 08:08 PM


 

 

Windows Startups:

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run HP Officejet 4630 series (NET) Hewlett-Packard Development Company, LP "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN54E592JC05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
Yes HKCU:Run HP Officejet 4630 series (Network) Hewlett-Packard Development Company, LP "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN54E592JC05Y0:NW" -scfn "HP Officejet 4630 series (Network)" -AutoStart 1
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Ayla\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run RemoteFilesTrayIcon Acer Incorporated "C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe"
Yes HKCU:Run Spotify Spotify Ltd "C:\Users\Ayla\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Ayla\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run Steam Valve Corporation "C:\Users\Ayla\Documents\Steam\steam.exe" -silent
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes Startup Common Install Webroot FF RunOnce.lnk Webroot Software, Inc. C:\Program Files (x86)\Common Files\wruninstall.exe
Yes Startup Common Install Webroot IE RunOnce.lnk Webroot Software, Inc. C:\Program Files (x86)\Common Files\wruninstall.exe
 
 
Scheduled Tasks:
 
 
Yes Task abDocsDllLoader Acer Incorporated C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe task
Yes Task ACCAgent Acer Incorporated C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
Yes Task ACCBackgroundApplication Acer Incorporated C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Yes Task AcerCloud Acer C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe task
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task BacKGroundAgent Acer Incorporated C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe task
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Hotkey Utility Acer Incorporated "C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe"
Yes Task HPCustParticipation HP Officejet 4630 series Hewlett-Packard Development Company, LP "C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe" /UA 13.0 /DDV 0x0b05
No Task Optimize Start Menu Cache Files-S-1-5-21-821474297-2908956192-4159563269-1001
Yes Task Optimize Start Menu Cache Files-S-1-5-21-821474297-2908956192-4159563269-500
Yes Task Quick Access Acer Incorporate "C:\Program Files\Acer\Acer Quick Access\QALauncher.exe"
Yes Task Quick Access Quick Launcher Acer Incorporate "C:\Program Files\Acer\Acer Quick Access\QALauncher.exe" -noui -normsvc
 
 
Programs Installed:
 
- Games App - WildTangent Games 7/5/2016 1.0.3.28
3D Builder Microsoft Corporation 7/20/2016 11.1.9.0
abDocs Acer Incorporated 7/26/2016 158 MB 1.10.2000
abDocs Acer Incorporated 7/26/2016 1.10.2000
abDocs Office AddIn Acer Incorporated 7/26/2016 3.59 MB 3.02.2001
abFiles Acer Incorporated 4/16/2015 50.1 MB 2.00.3002
abFiles Acer Incorporated 4/16/2015 2.00.3002
abMusic Acer Incorporated 4/28/2016 127 MB 3.00.2004.0
abMusic Acer Incorporated 4/28/2016 3.00.2004.0
abPhoto Acer Incorporated 6/27/2016 151 MB 3.07.2003.0
abPhoto Acer Incorporated 6/27/2016 3.07.2003.0
AccuWeather - Weather for Life AccuWeather 7/5/2016 10.0.256.0
Acer Care Center Acer Incorporated 8/3/2015 73.3 MB 2.00.3006
Acer Explorer Acer Incorporated 7/8/2016 2.0.3007.0
Acer Explorer Agent Acer Incorporated 4/16/2015 2.13 MB 2.00.3000
Acer Portal Acer Incorporated 7/24/2016 3.11.2000
Acer Portal Acer Incorporated 7/24/2016 3.11.2000
Acer Quick Access Acer Incorporated 4/16/2015 1.01.3016.0
Acer Quick Access Acer Incorporated 4/16/2015 14.6 MB 1.01.3016.0
Acer User Experience Improvement Program App Monitor Plugin Acer Incorporated 4/16/2015 2.69 MB 1.02.3004
Acer User Experience Improvement Program App Monitor Plugin Acer Incorporated 4/16/2015 1.02.3004
Acer User Experience Improvement Program Framework Acer Incorporated 4/16/2015 2.07 MB 1.02.3004
Acer User Experience Improvement Program Framework Acer Incorporated 4/16/2015 1.02.3004
Acer Video Player Acer Incorporated 4/16/2015 47.3 MB 1.00.2005.0
Acer Video Player Acer Incorporated 4/16/2015 1.00.2005.0
Adobe Flash Player 22 NPAPI Adobe Systems Incorporated 7/13/2016 5.79 MB 22.0.0.209
Agar-io EdwinC 7/5/2016 1.1.0.0
Aion NCSOFT 7/4/2016 30.0 GB
Alarms & Clock Microsoft Corporation 7/24/2016 10.1607.1991.0
Amazon Amazon.com 7/5/2016 3.1.2.8
Amazon 1Button App Amazon 4/16/2015 7.95 MB 1.0.8
Amnesia™: Memories Idea Factory 7/4/2016 2.88 GB
AOP Framework Acer Incorporated 7/24/2016 3.19.2000.1
AOP Framework Acer Incorporated 7/24/2016 3.19.2000.1
App connector Microsoft Corporation 7/5/2016 1.3.3.0
Aura Kingdom X-Legend 7/4/2016 6.45 GB
Booking.com Partner Edition Booking.com B.V. 7/5/2016 1.2.1.0
Brawlhalla Blue Mammoth Games 7/24/2016 200 MB
Calculator Microsoft Corporation 7/5/2016 10.1605.1582.0
Camera Microsoft Corporation 7/15/2016 2016.404.190.0
Care Center Acer Incorporated 8/3/2015 73.3 MB 2.00.3006
CCleaner Piriform 7/26/2016 5.20
Creativerse Playful Corporation 7/4/2016 1.18 GB
Crossy Road Yodo1 Ltd 7/5/2016 1.3.4.0
Crush Crush Sad Panda Studios 7/4/2016 435 MB
CUPID - A free to play Visual Novel Fervent 7/24/2016 358 MB
CyberLink PhotoDirector 3 CyberLink Corp. 4/16/2015 105 MB 3.0.1.5320
CyberLink PowerDirector 10 CyberLink Corp. 4/16/2015 518 MB 10.0.0.4220
CyberLink PowerDVD 12 CyberLink Corp. 4/16/2015 94.0 MB 12.0.4609.01
Danganronpa: Trigger Happy Havoc Spike Chunsoft Co., Ltd. 7/4/2016 3.60 GB
eBay eBay, Inc 7/5/2016 1.6.0.34
eBay Worldwide OEM 8/3/2015 704 KB 2.4.0105
Echo of Soul Nvius 7/17/2016 12.1 GB
ESET Online Scanner v3 7/26/2016
Eternal Senia Holy Priest 7/4/2016 191 MB
Everlasting Summer Soviet Games 7/4/2016 1.03 GB
Evernote Touch Evernote 7/5/2016 3.3.0.102
Explorer Agent Acer Incorporated 4/16/2015 2.13 MB 2.00.3000
Facebook Facebook Inc 7/21/2016 60.523.7196.0
Fantasy Tales Online Cold Tea Studio 7/11/2016 220 MB
Flipboard Flipboard 7/5/2016 2.1.1.0
Foxit PhantomPDF Foxit Corporation 4/16/2015 221 MB 6.0.120.609
Frosty Kiss 2Chance Projects 7/4/2016 227 MB
Get Office Microsoft Corporation 7/5/2016 17.7031.23501.0
Get Skype Skype 7/5/2016 3.2.1.0
Get Started Microsoft Corporation 7/24/2016 4.0.9.0
GIMP 2.8.16 The GIMP Team 6/30/2016 280 MB 2.8.16
Google Chrome Google Inc. 7/4/2016 402 MB 51.0.2704.106
Groove Music Microsoft Corporation 7/15/2016 3.6.23041.0
Hotkey Utility Acer Incorporated 4/16/2015 3.00.8104
Hotkey Utility Acer Incorporated 4/16/2015 7.98 MB 3.00.8104
HP AiO Printer Remote HP Inc. 7/5/2016 60.1.153.0
HP Officejet 4630 series Basic Device Software Hewlett-Packard Co. 8/3/2015 416 MB 32.3.198.49673
HP Officejet 4630 series Help Hewlett Packard 8/3/2015 21.1 MB 31.0.0
HP Photo Creations HP 7/4/2016 2.75 MB 1.0.0.7702
HP Update Hewlett-Packard 8/3/2015 8.08 MB 5.005.002.002
Hulu Hulu. 7/5/2016 2.3.17.0
I.R.I.S. OCR HP 8/3/2015 137 MB 12.3.4.0
Intel® Control Center Intel Corporation 4/16/2015 1.2.1.1011
Intel® Management Engine Components Intel Corporation 4/16/2015 9.5.15.1730
Intel® Processor Graphics Intel Corporation 4/16/2015 10.18.10.3496
iStoryTime Library zuuka Inc 7/5/2016 1.1.0.69
Kindle AMZN Mobile LLC 7/5/2016 2.1.0.2
Long Live The Queen Hanako Games 7/4/2016 58.4 MB
Lost girl`s [diary] SmoleVN 7/4/2016 1.17 GB
Mail and Calendar Microsoft Corporation 7/19/2016 17.6965.41051.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 5/22/2016 56.8 MB 2.2.1.1043
Maps Microsoft Corporation 7/5/2016 5.1606.1670.0
Meme-Generator Naveen CS 7/5/2016 3.2.0.0
Messaging + Skype Microsoft Corporation 7/5/2016 2.15.20002.0
Messenger Facebook Inc 7/22/2016 79.525.6584.0
Microsoft Office 365 - en-us Microsoft Corporation 7/26/2016 2.03 GB 15.0.4841.1002
Microsoft Solitaire Collection Microsoft Studios 7/14/2016 3.11.7081.0
Microsoft Sudoku Microsoft Studios 7/5/2016 1.3.0.2
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 9/19/2015 8.56 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 4/16/2015 1.63 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 5/29/2016 830 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 4/16/2015 6.73 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 4/16/2015 6.72 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 5/29/2016 6.09 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/28/2016 18.0 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/28/2016 20.2 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 5/29/2016 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 7/4/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 7/4/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 7/19/2016 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 7/19/2016 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 Microsoft Corporation 7/4/2016 24.3 MB 14.0.23918.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 Microsoft Corporation 7/4/2016 20.6 MB 14.0.23918.0
Microsoft Wi-Fi Microsoft Corporation 7/5/2016 1.1604.4.0
Money Microsoft Corporation 7/5/2016 4.11.156.0
Movie Moments Microsoft Corporation 7/5/2016 6.3.9654.20464
Movies & TV Microsoft Corporation 7/22/2016 3.6.22511.0
MSN Food & Drink Microsoft Corporation 7/5/2016 3.0.4.336
MSN Health & Fitness Microsoft Corporation 7/5/2016 3.0.4.336
MSN Travel Microsoft Corporation 7/5/2016 3.0.4.336
NCSOFT Game Launcher NCSOFT 7/4/2016 26.4 MB
Netflix Netflix, Inc. 7/19/2016 6.11.33.0
News Microsoft Corporation 7/5/2016 4.11.156.0
Nexon Game Manager 7/4/2016 1.80 MB
Next Issue Magazines for Acer NEXT ISSUE MEDIA,LLC . 7/5/2016 1.5.18.0
One Thousand Lies Keinart Lobre 7/4/2016 246 MB
OneNote Microsoft Corporation 7/27/2016 17.7167.57761.0
Order & Chaos Online Gameloft. 7/5/2016 2.6.1.6
Origin Electronic Arts, Inc. 7/4/2016 236 MB 9.4.11.2806
People Microsoft Corporation 7/21/2016 10.0.11902.0
Phone Microsoft Corporation 7/5/2016 2.17.27003.0
Phone Companion Microsoft Corporation 7/24/2016 10.1607.1991.0
Photos Microsoft Corporation 7/5/2016 16.526.11220.0
Product Improvement Study for HP Officejet 4630 series Hewlett-Packard Co. 8/3/2015 19.3 MB 32.3.198.49673
Reader Microsoft Corporation 7/5/2016 6.4.9926.18339
Realtek Card Reader Realtek Semiconductor Corp. 4/16/2015 23.1 MB 6.3.3.34
Realtek Ethernet Controller Driver Realtek 4/16/2015 5.33 MB 8.18.621.2013
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 7/4/2016 38.9 MB 6.0.1.7023
RollerCoaster Tycoon 3: Platinum! Frontier 7/4/2016 1.29 GB
Sakura Clicker Winged Cloud 7/4/2016
Seduce Me the Otome Michaela Laws 7/4/2016 1.42 GB
Sepia Tears Scarlet String Studios 7/4/2016 371 MB
Simple Truths A Creative Endeavor 7/5/2016 1.1.0.1
Sports Microsoft Corporation 7/5/2016 4.11.156.0
Spotify Spotify AB 4/16/2015 75.9 MB 0.9.6.81.gd359a796
Steam Valve Corporation 7/4/2016 2.10.91.91
Store Microsoft Corporation 7/5/2016 11602.1.26.0
Sway Microsoft Corporation 7/9/2016 17.7167.45121.0
Take the Dream IX Yai Gameworks 7/4/2016 245 MB
TERA Bluehole Inc. 7/17/2016 38.7 GB
The Elder Scrolls V: Skyrim Bethesda Game Studios 7/4/2016 10.0 GB
The Sims 2: Ultimate Collection Electronic Arts 7/4/2016 12.5 GB 1.0.0.0
The Sims™ 3 Electronic Arts Inc. 9/19/2015 7.29 GB 1.69.43.024017
The Sims™ 3 Generations Electronic Arts 9/19/2015 1.60 GB 8.0.152
The Sims™ 3 Showtime Electronic Arts 9/19/2015 3.48 GB 12.0.273
The Sims™ 3 University Life Electronic Arts 9/19/2015 2.69 GB 18.0.126
The Sims™ 4 Electronic Arts Inc. 7/24/2016 10.2 GB 1.21.37.1020
This or That.. A Creative Endeavor 7/5/2016 1.1.0.1
Twitter Twitter Inc. 7/13/2016 5.1.4.0
UE4 Prerequisites (x64) Epic Games, Inc. 7/4/2016 29.1 MB 1.0.10.0
Voice Recorder Microsoft Corporation 7/22/2016 10.1607.1891.0
Weather Microsoft Corporation 7/5/2016 4.11.156.0
What if.. A Creative Endeavor 7/5/2016 1.1.0.1
WildTangent Games WildTangent 7/4/2016 51.7 MB 1.0.4.0
Windows Reading List Microsoft Corporation 7/5/2016 6.3.9654.21234
Windows Scan Microsoft Corporation 7/5/2016 6.3.9654.17133
WinRAR 5.30 beta 2 (64-bit) win.rar GmbH 7/4/2016 4.99 MB 5.30.2
Xbox Microsoft Corporation 7/5/2016 15.18.14017.0
Zinio Reader Zinio LLC 7/5/2016 2.1.0.317
 


#9 buddy215

  • BC Advisor

Posted 27 July 2016 - 08:47 PM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run HP Officejet 4630 series (NET) Hewlett-Packard Development Company, LP "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN54E592JC05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
Yes HKCU:Run HP Officejet 4630 series (Network) Hewlett-Packard Development Company, LP "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN54E592JC05Y0:NW" -scfn "HP Officejet 4630 series (Network)" -AutoStart 1
Yes HKCU:Run Spotify Spotify Ltd "C:\Users\Ayla\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Ayla\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes HKCU:Run Steam Valve Corporation "C:\Users\Ayla\Documents\Steam\steam.exe" -silent
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes Startup Common Install Webroot FF RunOnce.lnk Webroot Software, Inc. C:\Program Files (x86)\Common Files\wruninstall.exe
Yes Startup Common Install Webroot IE RunOnce.lnk Webroot Software, Inc. C:\Program Files (x86)\Common Files\wruninstall.exe
 
Disable these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task ACCAgent Acer Incorporated C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
Yes Task ACCBackgroundApplication Acer Incorporated C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Yes Task AcerCloud Acer C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe task

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task HPCustParticipation HP Officejet 4630 series Hewlett-Packard Development Company, LP "C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe" /UA 13.0 /DDV 0x0b05

 

Uninstall these programs:

- Games App - WildTangent Games 7/5/2016 1.0.3.28

AccuWeather - Weather for Life AccuWeather 7/5/2016 10.0.256.0

Acer User Experience Improvement Program App Monitor Plugin Acer Incorporated 4/16/2015 2.69 MB 1.02.3004
Acer User Experience Improvement Program App Monitor Plugin Acer Incorporated 4/16/2015 1.02.3004
Acer User Experience Improvement Program Framework Acer Incorporated 4/16/2015 2.07 MB 1.02.3004
Acer User Experience Improvement Program Framework Acer Incorporated 4/16/2015 1.02.3004
Amazon Amazon.com 7/5/2016 3.1.2.8
Amazon 1Button App Amazon 4/16/2015 7.95 MB 1.0.8
eBay eBay, Inc 7/5/2016 1.6.0.34
eBay Worldwide OEM 8/3/2015 704 KB 2.4.0105
ESET Online Scanner v3 7/26/2016
WildTangent Games WildTangent 7/4/2016 51.7 MB 1.0.4.0
WinRAR 5.30 beta 2 (64-bit) win.rar GmbH 7/4/2016 4.99 MB 5.30.2
 
After doing the above....please tell me what problem(s) if any remain.
 

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
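A triage pass over a listing like the one reviewed in post #9, as an added example (not part of the thread or of any tool used in it): it parses each line and flags autostart entries that launch from user-writable directories or record no command at all. The entry-type names come from the listing; the last sample line, the `USER_WRITABLE` markers and all function names are assumptions made for the example.

```python
import re

# Constructed sample in the layout of the listing posted in this thread: enabled
# flag, entry type, then name, publisher and command run together on one line.
# The last line is invented for the example; the others are copied from the log.
SAMPLE_LOG = r'''
Yes HKCU:Run Spotify Spotify Ltd "C:\Users\Ayla\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task Optimize Start Menu Cache Files-S-1-5-21-821474297-2908956192-4159563269-1001
Yes HKCU:Run Example Updater "C:\Users\Ayla\Downloads\example_update.bat"
'''

# Entry types seen in the listing (assumed complete for this example).
ENTRY = re.compile(r'^(Yes|No)\s+(HK(?:CU|LM):Run|Startup Common|Task)\s+(.*)$')

# The command is either a quoted path or an unquoted one that may contain
# spaces, so the unquoted form is cut at the first executable/script extension.
COMMAND = re.compile(
    r'"([A-Za-z]:\\[^"]+)"'
    r'|([A-Za-z]:\\.*?\.(?:exe|com|bat|cmd|scr|vbs|js|ps1|lnk))\b',
    re.IGNORECASE,
)

# Heuristic (an assumption, not a rule from the thread): locations a standard
# user can write to without elevation.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


def parse_entry(line):
    """Split one listing line into enabled flag, entry type and image path."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    enabled, kind, rest = m.groups()
    cmd = COMMAND.search(rest)
    path = (cmd.group(1) or cmd.group(2)) if cmd else None
    return {"enabled": enabled == "Yes", "kind": kind, "path": path, "raw": rest}


def is_user_writable(path):
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage(log_text):
    """Return the entries worth a manual look, in listing order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry["path"] is None:
            entry["reason"] = "no command recorded"
        elif is_user_writable(entry["path"]):
            entry["reason"] = "runs from a user-writable directory"
        else:
            continue
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "enabled" if f["enabled"] else "disabled"
        print(f'{f["kind"]:10} {state:8} {f["reason"]}: {f["path"] or f["raw"]}')
```

Spotify is flagged for the same reason a dropped file would be, so a hit is a lead for checking publisher and signature, not a verdict.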


#10 Ayface

  • Topic Starter

Posted 27 July 2016 - 11:55 PM

 

Sorry to ask this but...

 

Would removing the Acer User Experience Improvement Programs do anything to my computer? I'm not quite sure what those are.

 

Also, do I absolutely need to uninstall WinRAR? I use it quite often.



#11 buddy215

  • BC Advisor

Posted 28 July 2016 - 06:54 AM

Uninstalling the Acer spyware will not affect the computer. From Acer: The Acer User Experience app is used to collect customer behaviors when using Acer PC products and send the information back for further analysis. This aids in improving the user experience and satisfaction of new products or updated versions of existing products. This application can be uninstalled if you do not wish to participate.

 

WinRAR is a beta version. Up to you whether to keep it or not. But should be updated.




#12 aninkling


Posted 28 July 2016 - 09:21 AM

There is a Chrome forum thread started on this. https://productforums.google.com/forum/?hl=en#!topic/chrome/p5gqyIBwrGg;context-place=topicsearchin/chrome/category$3Areport-a-problem-and-get-troubleshooting-help. I'm documenting my experience on my blog: http://leetlinktips.blogspot.com. As I said in the forum, there is nothing in my browser history that would suggest I went anywhere I could pick this up. I think Google owes us an explanation of how something could pop up like that. I did not run anything or install anything, etc. I'll follow some of the methodology above and report on my forum.



#13 buddy215

  • BC Advisor

Posted 28 July 2016 - 10:32 AM

A few suggestions....

 

Block Third Party cookies....aka...ad and tracking cookies....How to disable third-party cookies in all major web browsers

Once you have blocked the install of the Third Party cookies....run CCleaner to remove the ones that are presently installed.

 

Install Adblock Plus in Google Chrome. Once installed click on the ABP  logo and choose Filter Preferences. UNcheck Allow some non-intrusive advertisements.

For Chrome users download from Adblock Plus - Chrome Web Store

 

The popular NoScript add-on is not available for Google Chrome. There are other Script blockers available in the Chrome store but not having any experience using them or Google Chrome, I won't recommend one. A script blocker such as NoScript is a valuable tool for blocking attempts to install malware from just visiting a web page.


Edited by buddy215, 28 July 2016 - 10:37 AM.



#14 Ayface

  • Topic Starter

Posted 28 July 2016 - 03:36 PM

> There is a Chrome forum thread started on this. https://productforums.google.com/forum/?hl=en#!topic/chrome/p5gqyIBwrGg;context-place=topicsearchin/chrome/category$3Areport-a-problem-and-get-troubleshooting-help. I'm documenting my experience on my blog: http://leetlinktips.blogspot.com. As I said in the forum, there is nothing in my browser history that would suggest I went anywhere I could pick this up. I think Google owes us an explanation of how something could pop up like that. I did not run anything or install anything, etc. I'll follow some of the methodology above and report on my forum.

 

 

Thank you for posting this. Google indeed owes an explanation. I don't remember how the first Chrome update downloaded, but I know I got the second from a news article where an ad popped up and something tried to download without my consent at all.



#15 Ayface

  • Topic Starter

Posted 28 July 2016 - 03:40 PM

> Uninstalling the Acer spyware will not affect the computer. From Acer: The Acer User Experience app is used to collect customer behaviors when using Acer PC products and send the information back for further analysis. This aids in improving the user experience and satisfaction of new products or updated versions of existing products. This application can be uninstalled if you do not wish to participate.
>
> WinRAR is a beta version. Up to you whether to keep it or not. But should be updated.

 

I did as you said and so far I haven't come across any problems. If something happens, I'll let you know.





