Clicked on malicious 'secure email' link, what now?


10 replies to this topic

#1 mjtaxpro

mjtaxpro

  • Members
  • 27 posts

Posted 15 August 2016 - 01:30 PM

I got an email from a client that looked legit; I later found out it wasn't from him. When I clicked the link to access the 'secure email' it opened a blank Internet Explorer window. I'm not sure what the web address was, but there was nothing on the page. Shortly after, I got an email from EA/Origin saying the following:

 

"The password for your Origin account was recently reset because a standard systems analysis indicated that your user name and password may have been subject to suspicious activity. We have no reason to believe at this time that the suspicious activity is the result of unauthorised access to EA's databases. Instead, such activity could be related to issues with phishing, use of weak passwords, logging in from shared connections or even using the same password on multiple websites. We apologise for any inconvenience this may cause you and hope you will recognise we're taking this action to better protect your personal data."

 

I didn't click the link there to reset it; I reset my password directly on the site. I didn't have an active account there at all and had no games or anything in my profile, so there would be nothing for anyone to gain by having access to my account (I think).

 

My concern is my computer. I ran Malwarebytes but it didn't find anything. What should I do to make sure that my computer isn't compromised? I can't imagine that I clicked a malicious link that does nothing.

 




 


#2 buddy215

buddy215

  • Moderator
  • 13,309 posts
  • Gender:Male
  • Location:West Tennessee

Posted 15 August 2016 - 08:24 PM

I read an article today explaining how the Democrats' email was compromised. Several Dems did click on that "Reset Email Password" button in the email.

Likely you are not infected from just opening the email. Below are some programs you can run to clean up the comp and remove both adware and malware.

Here is a link to the article: Tracking The Hackers Who Hit DNC, Clinton | The Smoking Gun

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections, it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Lorraine89

Lorraine89

  • Banned Spammer
  • 11 posts

Posted 17 August 2016 - 01:59 AM

Always refrain from clicking on any such links that may look phishy and/or do not seem to be authentic. And also always have hard guard protection in place, for instance McAfee or any such good anti-malware and anti-spyware application, to keep your PC protected.



#4 mjtaxpro

mjtaxpro
  • Topic Starter

  • Members
  • 27 posts

Posted 17 August 2016 - 09:36 AM

Thanks. I did click the link in what I thought was a secure email from a client. Me clicking that link in that email is why I think there was malware or something.

 

Here are the logs.

 

# AdwCleaner v6.000 - Logfile created 17/08/2016 at 09:13:45
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-17.2 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X86)
# Username : mj7 - JUNIOR5
# Running from : C:\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

 

***** [ Services ] *****

 

***** [ Folders ] *****

[!] Folder not deleted:
[!] Folder not deleted:
[!] Folder not deleted:

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1113Core
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1113UA
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1cf8fdd8a30c4bb
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1cfec99825681b8
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1d002a2f0d0743c
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1d0408a7e67c527
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1d0917524c4ec01
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1d0bfcba8fd2272
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1d0e3f2d2e69662
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1d0f0b325a3946c
[-] Task deleted: GoogleUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1144Core1d12eab54a071bb

***** [ Registry ] *****

[!] Key not deleted: HKLM\SOFTWARE\Classes\ATXTLS05.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\ATXTLS06.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\ATXTLS07.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\ATXTLS08.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS09.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS10.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS11.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS12.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS13.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS14.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS15.clsZipTool
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\s

***** [ Web browsers ] *****

[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5134 Bytes] - [17/08/2016 09:13:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [5594 Bytes] - [16/08/2016 09:47:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [5597 Bytes] - [16/08/2016 10:42:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [5670 Bytes] - [16/08/2016 11:04:08]
C:\AdwCleaner\AdwCleaner[S3].txt - [5514 Bytes] - [17/08/2016 09:11:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5499 Bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Ultimate x86
Ran by mjadmin2 (Administrator) on 08/16/16 at 12:07:35.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 37

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\Appdata\LocalLow\adawaretb (Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Roaming\download manager (Folder)
Successfully deleted: C:\Program Files\askbardis (Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CNDOTTO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GHB5OZW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4L12AAM7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T2XZS2J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Z8O22P8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LRQ06BX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VEC9AMO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGVSSPPS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FAYWALZN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FF8D3GP2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2R3ED7K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9DLBV8L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIP7Z9TA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQZ840SA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKAU6SD5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mjadmin2.CORP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4T74GK2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CNDOTTO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GHB5OZW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4L12AAM7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T2XZS2J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Z8O22P8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LRQ06BX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VEC9AMO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGVSSPPS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FAYWALZN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FF8D3GP2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2R3ED7K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9DLBV8L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIP7Z9TA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQZ840SA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKAU6SD5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4T74GK2 (Temporary Internet Files Folder)

 

Registry: 3

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D26D85EB-E331-40D9-A4C5-FE975A11EC59} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/16/16 at 12:11:55.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Ultimate x86
Ran by mj7 (Limited) on 08/17/16 at  8:54:33.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 16

Failed to delete: C:\Users\mj7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C9K11B0L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mj7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\133DXC2F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mj7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74E3O35W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mj7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9T0VV1YD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mj7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQQBNS1F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mj7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCECHOGA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mj7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W06GJG63 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\mj7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WC1GGJA6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\133DXC2F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74E3O35W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9T0VV1YD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C9K11B0L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQQBNS1F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCECHOGA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W06GJG63 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WC1GGJA6 (Temporary Internet Files Folder)

 

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C184FB6D-73F4-4651-8CED-FE9C3180C4DB} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/17/16 at  8:57:17.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=d44535cb72644a4ba7f236382fc30101
# end=init
# utc_time=2016-08-16 05:13:50
# local_time=2016-08-16 12:13:50 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 30444
# product=EOS
# version=8
# iexplore.exe=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=d44535cb72644a4ba7f236382fc30101
# end=updated
# utc_time=2016-08-16 05:20:25
# local_time=2016-08-16 12:20:25 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# iexplore.exe=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d44535cb72644a4ba7f236382fc30101
# engine=30444
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-08-16 09:45:31
# local_time=2016-08-16 04:45:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 14157851 165453535 0 0
# scanned=586283
# found=12
# cleaned=10
# scan_time=15905
sh=95E251E2255BBF64B9146F2B47C7FBB77359B052 ft=1 fh=ebcc6522125315a1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\mjadmin2.CORP\AppData\LocalLow\Sun\Java\jre1.7.0_05\java_sp.dll"
sh=F39A1D9201D021180B9FC8543783D8CE69054DCE ft=1 fh=10783dd2892ae31b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\mjadmin2.CORP\Desktop\ccsetup317.exe"
sh=95E251E2255BBF64B9146F2B47C7FBB77359B052 ft=1 fh=ebcc6522125315a1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Documents and Settings\mjadmin2.CORP\AppData\LocalLow\Sun\Java\jre1.7.0_05\java_sp.dll"
sh=F39A1D9201D021180B9FC8543783D8CE69054DCE ft=1 fh=10783dd2892ae31b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application (deleted)" ac=C fn="C:\Documents and Settings\mjadmin2.CORP\Desktop\ccsetup317.exe"
sh=F029289591CAA8AD07D1CB2D238E0B514CB718E1 ft=1 fh=fedaa6dd4669df08 vn="a variant of Win32/Adware.Coupons.AA application (cleaned by deleting)" ac=C fn="C:\Dropbox\Downloads\CouponPrinterCPS.exe"
sh=8F24F365622DF3520F5CC50798386FE6DDC02CEC ft=1 fh=ccfac1472ad572fb vn="a variant of Win32/Adware.Coupons.AA application (cleaned by deleting)" ac=C fn="C:\Dropbox\Rebekah\Nelsons\AppData\Local\Temp\cpnprt2win32.cid"
sh=027E2696BACEC70E6EBC0EC6D12DBC7ABC2BA131 ft=1 fh=25f2cbec2b8cb5c9 vn="a variant of Win32/Toolbar.Besttoolbars.I potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files\IntelliConnect Search\AddonsFramework.Typelib.dll"
sh=2F034633E3147ABDE6EC1C44DB5FCEB038478232 ft=1 fh=8ae409f1a48fa289 vn="a variant of Win64/Toolbar.Besttoolbars.B potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files\IntelliConnect Search\AddonsFramework.Typelib64.dll"
sh=3BA2ADFF1901A7DA802592882089FAD281EF2C2A ft=1 fh=ebfbc0288b0a08a9 vn="a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files\IntelliConnect Search\BackgroundHost.exe"
sh=7544CFC17212E86E566ABF8929E69DA1200CDC29 ft=1 fh=eb35d912cccf23bc vn="a variant of Win64/Toolbar.Besttoolbars.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files\IntelliConnect Search\BackgroundHost64.exe"
sh=07E5E45F5F9CA6E4EF89D2036C4A6B40912D6374 ft=1 fh=713fbbdaf4c16c2a vn="a variant of Win32/Toolbar.Besttoolbars.J potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files\IntelliConnect Search\ScriptHost.dll"
sh=BCCD9BCEDB8FA58AEE6A3180A19DA814E51115B2 ft=1 fh=4980a4f0bd536309 vn="a variant of Win32/Toolbar.Besttoolbars.J potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files\IntelliConnect Search\ScriptHost64.dll"
# product=EOS
# version=8
# iexplore.exe=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=d44535cb72644a4ba7f236382fc30101
# end=init
# utc_time=2016-08-17 02:30:06
# local_time=2016-08-17 09:30:06 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
 



#5 buddy215

buddy215

  • Moderator
  • 13,309 posts
  • Gender:Male
  • Location:West Tennessee

Posted 17 August 2016 - 10:34 AM

Most likely what was found and removed by the programs was already on your computer....adware.

 

In the Smoking Gun article the problem was the users not only clicked on the update password link which took them to a fake site, but actually entered info that allowed the criminals access to their email. Which was what the criminals wanted. I understood you didn't do that.

 

I see that the files below were not deleted. Was that your decision?

 

[!] Key not deleted: HKLM\SOFTWARE\Classes\ATXTLS05.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\ATXTLS06.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\ATXTLS07.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\ATXTLS08.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS09.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS10.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS11.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS12.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS13.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS14.clsZipTool
[!] Key not deleted: HKLM\SOFTWARE\Classes\CCHTLS15.clsZipTool

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


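The triage behind the "already on your computer....adware" reading in post #5, as an added example that is not part of any poster's reply and is not ESET's own tooling: it parses detection lines in the `sh= ... vn= ... ac= ... fn=` layout of the ESET log posted above and separates adware/PUA-class names from anything else. Assumptions: `ac=C` means the item was removed (in the posted log those lines carry "(cleaned by deleting)" or "(deleted)"), the function names are hypothetical, and the sample log is constructed with placeholder hashes and one invented non-adware line.

```python
import re
from collections import Counter

# Constructed sample in the key=value layout of the ESET Online Scanner log
# posted in this thread. Hashes and user names are placeholders, and the last
# detection line is invented to show what a non-adware result looks like.
SAMPLE_LOG = r'''
# scanned=586283
# found=4
# cleaned=3
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\example\AppData\LocalLow\Sun\Java\jre1.7.0_05\java_sp.dll"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/Adware.Coupons.AA application (cleaned by deleting)" ac=C fn="C:\Dropbox\Downloads\CouponPrinterCPS.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/Toolbar.Besttoolbars.J potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files\IntelliConnect Search\ScriptHost.dll"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000004 vn="Win32/Constructed.Sample trojan (cleaned by deleting)" ac=C fn="C:\Users\example\AppData\Local\Temp\constructed.exe"
'''

# key=value pairs; a value is either a quoted string or a run of non-spaces.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Trailing "(cleaned by deleting)" / "(deleted)" note appended to the name.
ACTION_NOTE = re.compile(r'\s*\(([^)]*)\)\s*$')
LOW_RISK_SUFFIXES = ("potentially unwanted application",
                     "potentially unsafe application")


def parse_line(line):
    """Split one log line into a dict of its key=value fields, quotes removed."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def classify(vn):
    """Return (normalized detection name, category) for a vn= value."""
    name = ACTION_NOTE.sub("", vn)
    if name.startswith("a variant of "):
        name = name[len("a variant of "):]
    if name.endswith(LOW_RISK_SUFFIXES) or "/Adware." in name:
        return name, "adware/PUA"
    # Anything else (trojan, worm, ...) is not explained by bundled toolbars.
    return name, "needs review"


def triage(log_text):
    """Collect header counters ('# key=value') and one record per detection."""
    header, detections = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            header.update(parse_line(line))
        elif line.startswith("sh="):
            fields = parse_line(line)
            name, category = classify(fields["vn"])
            detections.append({
                "name": name,
                "category": category,
                "cleaned": fields.get("ac") == "C",
                "path": fields["fn"],
            })
    return header, detections


def report(log_text):
    """Summarize a scan: what class of thing was found and what is still there."""
    header, detections = triage(log_text)
    cleaned = sum(d["cleaned"] for d in detections)
    return {
        "by_category": Counter(d["category"] for d in detections),
        "needs_review": [d for d in detections if d["category"] == "needs review"],
        "left_in_place": [d for d in detections if not d["cleaned"]],
        # A mismatch means the pasted log is truncated or edited.
        "counts_match_header": (
            len(detections) == int(header.get("found", -1))
            and cleaned == int(header.get("cleaned", -1))
        ),
    }


if __name__ == "__main__":
    result = report(SAMPLE_LOG)
    print(dict(result["by_category"]))
    for d in result["needs_review"]:
        print("review:", d["name"], "->", d["path"])
    for d in result["left_in_place"]:
        print("still present:", d["name"], "->", d["path"])
```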

#6 mjtaxpro

mjtaxpro
  • Topic Starter

  • Members
  • 27 posts

Posted 17 August 2016 - 10:47 AM

Correct, I chose not to delete those as they are part of tax programs I use.

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\mj7\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run DymoQuickPrint Sanford, L.P. "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
Yes HKCU:Run RoboForm Siber Systems "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
Yes HKLM:Run Act! Preloader Sage Software, Inc. "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
Yes HKLM:Run Act.Outlook.Service Sage Software, Inc. "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
Yes HKLM:Run ACTSchedulerUI Sage Software, Inc. "C:\Program Files\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse
Yes HKLM:Run Adobe Acrobat Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
Yes HKLM:Run Desktop Disc Tool Sonic Solutions "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
Yes HKLM:Run DLSService  "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"
Yes HKLM:Run DNS7reminder Nuance Communications, Inc. "C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
Yes HKLM:Run FJTWAIN Setup FUJITSU LIMITED C:\Windows\Twain_32\fjscan32\FjtwMkup.exe /Station
Yes HKLM:Run FtLnSOP_setup PFU LIMITED C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run IAAnotif Intel Corporation C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
Yes HKLM:Run ISUSPM Flexera Software LLC. C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run PDVD9LanguageShortcut CyberLink Corp. "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
Yes HKLM:Run PeachtreePrefetcher.exe Sage Software, Inc. C:\Program Files\Sage\Peachtree2016\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
Yes HKLM:Run RemoteControl9 CyberLink Corp. "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
Yes HKLM:Run RoxWatchTray Sonic Solutions "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
Yes HKLM:Run SoundMAXPnP Analog Devices, Inc. C:\Program Files\Analog Devices\Core\smax4pnp.exe
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Yes HKLM:Run StatusAlerts Hewlett-Packard Company "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run USCService Broadcom Corporation C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
Yes HKLM:Run WavXMgr Wave Systems Corp. C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
Yes Startup Common CS Connect Background Services.lnk Thomson Reuters T:\Tools\connectbgdl.exe
Yes Startup Common Dell System Manager.lnk Dell Inc. C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
Yes Startup Common Error Recovery Guide.lnk PFU LIMITED C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
Yes Startup Common MultiMon Taskbar.lnk  C:\Program Files\MMTaskbar\MultiMon.exe
Yes Startup Common TdmNotify.lnk Wave Systems Corp. C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\mj7\AppData\Roaming\Dropbox\bin\Dropbox.exe

 

Yes Task DropboxUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1162Core Dropbox, Inc. C:\Users\mj7\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1162UA Dropbox, Inc. C:\Users\mj7\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

 

2000 Lacerte Tax  04/24/12  
2001 Lacerte Tax  04/24/12  
2002 Lacerte Tax  04/24/12  
2003 Lacerte Tax  04/24/12  
2004 Lacerte Tax  04/24/12  
2006 Lacerte Tax  04/24/12  
2007 Lacerte Tax Intuit Inc. 04/24/12  
2008 Lacerte Tax Intuit Inc. 04/24/12  
2009 Lacerte Tax Intuit Inc. 04/24/12  
2009 SFS W2/1099 Printer  04/24/12  
2010 Lacerte Tax Intuit Inc. 04/24/12  
2011 Lacerte Tax Intuit Inc. 04/24/12  
2011 Mutual Fund Tax Guide Mutual Fund Publishing Company 03/08/12 1.56 MB 5.00.2011
2012 Lacerte Tax Intuit Inc. 11/07/12  
2013 Lacerte Tax Intuit Inc. 11/20/13  
2013 Lacerte Tax Planner Intuit Inc. 02/17/14  
2014 Lacerte Tax Intuit Inc. 11/18/14  
2014 Lacerte Tax Planner Intuit Inc. 11/18/14  
2015 Lacerte Tax Intuit Inc. 12/08/15  
2015 Lacerte Tax Planner Intuit Inc. 12/08/15  
AccuWage 2015 Java 7 SSA 01/11/16  
ACT! by Sage 2010 Sage Software, Inc. 01/13/11 111 MB 12.0.0.0
Adobe Acrobat  9 Standard - English, Français, Deutsch Adobe Systems 01/13/15  9.0.0
Adobe AIR Adobe Systems Inc. 04/24/12  2.5.1.17730
Adobe Flash Player 22 ActiveX Adobe Systems Incorporated 07/16/16 18.6 MB 22.0.0.210
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 12/31/15 16.8 MB 3.0.851.0
AnswerWorks 4.0 Runtime - English Vantage Software Technologies 06/20/12  4.0.101
Apple Application Support Apple Inc. 01/08/15 95.2 MB 3.1
Apple Mobile Device Support Apple Inc. 01/08/15 21.5 MB 8.0.5.6
Apple Software Update Apple Inc. 01/08/15 2.38 MB 2.1.3.127
ATX 2014 CCH Small Firm Services 12/07/15 102 MB 14.7.0
ATX 2015 CCH Small Firm Services 07/14/16 192 MB 15.9.0
ATX Kleinrock 2006 Tax Products (Remove Only)  04/24/12  
ATX Kleinrock 2007 Tax Products (Remove Only)  04/24/12  
ATX Server 2014 CCH Small Firm Services 12/07/15 33.5 MB 14.5.0
Bonjour Apple Inc. 01/08/15 1.02 MB 3.0.0.10
Broadcom NetXtreme-I Netlink Driver and Management Installer Broadcom Corporation 01/06/11  14.0.3.2
CCH Small Firm Services (xulRunner) CCH Smal Firm Services 04/24/12  
CCH Small Firm Services 2008 (Remove Only)  04/24/12  
CCH Small Firm Services 2009 (Remove Only)  04/24/12  
CCH Small Firm Services 2010 (Remove Only)  04/24/12  
CCH Small Firm Services 2011 (Remove Only)  04/24/12  
CCH Small Firm Services 2012 (Remove Only)  12/10/12  
CCH Small Firm Services 2013 (Remove Only)  01/21/14  
CCH Small Firm Services 2014 (Remove Only)  12/23/14  
CCH Small Firm Services 2015 (Remove Only)  12/17/15  
CCleaner Piriform 08/16/16  5.21
Cisco WebEx Meetings Cisco WebEx LLC 06/23/15  
Crystal Reports 2008 Runtime SP1 Business Objects 01/13/11 175 MB 12.1.0.882
Crystal Reports 2008 SP1 Business Objects 06/06/11 574 MB 12.1.0.883
CyberLink PowerDVD 9.5 CyberLink Corp. 01/06/11  9.5.1.3225
Dell ControlPoint Security Manager Dell Inc. 01/06/11  1.6.468.86
Dell Security Device Driver Pack Dell Inc. 01/06/11  1.4.055
Dell System Manager Dell Inc. 01/06/11  1.5.00000
Diamond Drivers 6.0 HD4600 AGP Vista Installation Diamond Multimedia 12/31/15  6.0.0
Diamond Multimedia 11.11 2400-6900 PCIe Win7Vista Diamond Multimedia 01/14/13  3.0.851.0
DishAnywhereDesktop Sling Media 07/08/15 204 MB 0.0.0.188
Document eSort Components Intuit Inc. 01/13/11 1.56 MB 2.4.3.1022
Dragon NaturallySpeaking 12.0 Nuance Communications Inc. 08/21/12 3.16 GB 12.00.100
Drake® Business Conversion to ATX® CCH SFS 12/07/15 1.08 MB 3.1
Dropbox Dropbox, Inc. 08/05/16  7.4.30
DYMO Label v.8 Sanford, L.P. 01/18/13  8.4.0.1524
DYMO LabelWriter Drivers Sanford L.P. 01/13/11 2.52 MB 8.3.0.443
EFTPS Batch Provider Client Internal Revenue Service 08/08/13  5.0.2.0
ESET Online Scanner v3  08/16/16  
FAS for Peachtree Best Software 01/13/11 171 MB 2005.1
GIMP 2.8.0 The GIMP Team 09/05/13 218 MB 2.8.0
GoodSync Siber Systems 04/26/12 9.76 MB 9.1.6.8
Google Chrome Google Inc. 06/16/15  52.0.2743.116
HP LaserJet Pro MFP M127-M128 Hewlett-Packard 11/19/15  8.0.13295.984
HP Update Hewlett-Packard 11/19/15 3.98 MB 5.003.002.004
HPLJProMFPM127M128 Hewlett-Packard 11/19/15 6.05 MB 1.00.0000
Hugin 2011.4.0 The Hugin Development Team 09/05/13 153 MB 2011.4.0 hg_cf9be9344356
Infragisticsv62Install 2010 Thomson Reuters 06/19/12 5.53 MB 10.1.0
IntelliConnect® Search Wolters Kluwer 12/03/14  1.0.10.5
Intel® Matrix Storage Manager Intel Corporation 04/24/12  
Intuit PTG MachID Intuit Inc 06/22/15 777 KB 1.03.0000
iTunes Apple Inc. 01/08/15 223 MB 12.0.1.26
Java 8 Update 66 Oracle Corporation 01/11/16 88.9 MB 8.0.660.18
JavaFX 2.1.1 Oracle Corporation 08/21/12 20.8 MB 2.1.1
Kleinrock Tax Products (Remove Only)  04/24/12  
Lacerte DMS Intuit 01/08/16  12.1.1
Lacerte Tax Planner Intuit Inc. 03/04/13  
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 05/01/13 19.2 MB 1.75.0.1300
Microsoft .NET Framework 4.6.1 Microsoft Corporation 03/09/16 38.8 MB 4.6.01055
Microsoft Document Explorer 2008 Microsoft Corporation 04/24/12  
Microsoft Office Home and Business 2010 Microsoft Corporation 07/24/13  14.0.7015.1000
Microsoft Security Essentials Microsoft Corporation 02/24/16  4.9.218.0
Microsoft Silverlight Microsoft Corporation 06/23/16 401 MB 5.1.50428.0
Microsoft SQL Server 2005 Microsoft Corporation 04/24/12  
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 01/06/11 1.69 MB 3.1.0000
Microsoft SQL Server Desktop Engine (LACERTEDB) Microsoft Corporation 01/13/11 68.9 MB 8.00.761
Microsoft SQL Server Native Client Microsoft Corporation 03/05/11 2.60 MB 9.00.5000.00
Microsoft SQL Server Setup Support Files (English) Microsoft Corporation 03/05/11 24.4 MB 9.00.5000.00
Microsoft SQL Server VSS Writer Microsoft Corporation 03/05/11 679 KB 9.00.5000.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 01/24/12 250 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06/15/11 300 KB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 01/14/11 198 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 05/11/11 598 KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 01/13/11 2.05 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 06/20/12 232 KB 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 04/24/12 230 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 03/31/12 238 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 12/14/11 222 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06/15/11 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 10/16/14 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 Microsoft Corporation 08/12/15 17.3 MB 11.0.50727.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Corporation 10/16/14  10.0.50903
Microsoft Windows SDK for Windows 7 (7.0) Microsoft Corporation 04/24/12  7.0.7600.16385.40715
Mozilla Firefox 38.0.5 (x86 en-US) Mozilla 06/29/15 83.1 MB 38.0.5
Mozilla Firefox 6.0 (x86 en-US) Mozilla 04/24/12 33.0 MB 6.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 01/13/11 37.0 KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 01/13/11 1.43 MB 4.20.9876.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 07/27/11 44.0 KB 4.20.9818.0
MultiMon TaskBar 2.1 MediaChance 04/24/12  
Peachtree Accounting 2011 Sage Software, Inc. 01/13/11 265 MB 18.00.00
Peachtree Accounting 2012 Sage Software, Inc. 07/30/13 349 MB 19.00.00
Peachtree Complete Accounting  04/24/12  
Peachtree Premium Accounting 2006 - Accountants' Edition Sage Software SB, Inc. 01/13/11 339 MB 13.00.00
Peachtree Quantum 2008 - Accountants' Edition Sage Software SB, Inc. 01/13/11 328 MB 15.00.00
Peachtree Quantum 2009 - Accountants' Edition Sage Software, Inc. 01/13/11 290 MB 16.00.01
Pervasive PSQL v11 Workgroup (32-bit) SP3 Pervasive Software 07/23/13 96.9 MB 11.30.057
Pervasive Software PSQL v9.1 Client Pervasive Software 04/24/12  
Pervasive System Analyzer v9.1 Pervasive Software 04/24/12  
Picasa 3 Google, Inc. 04/22/13  3.9
Revo Uninstaller Pro 2.5.8 VS Revo Group, Ltd. 04/24/12 51.0 MB 2.5.8
RoboForm 7-9-14-4 (All Users) Siber Systems 06/22/15 20.0 MB 7-9-14-4
Roxio Creator Starter Roxio 04/24/12 1.45 GB 12.1.40.0
Sage 50 Accounting 2013 Sage Software, Inc. 12/19/12 383 MB 20.00.00
Sage 50 Accounting 2014 Sage Software, Inc. 07/23/13 419 MB 21.01.00
Sage 50 Accounting 2015 Sage Software, Inc. 01/08/15 322 MB 22.00.00
Sage 50 Accounting 2016 Sage Software, Inc. 08/12/15 320 MB 23.00.00
Sage Software Integration Services Sage Technology 11/18/14  2.2.2240
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) SAP 07/23/13 195 MB 13.0.3.612
Scanner Utility for Microsoft Windows FUJITSU 01/14/11  9.11.2.0
Skype™ 7.0 Skype Technologies S.A. 04/15/15 47.9 MB 7.0.102
Software Operation Panel  04/24/12  
StreetSmart Edge Schwab 05/11/11  1.4.7.0
SupportSoft Assisted Service SupportSoft 07/27/11 3.45 MB 15
TheBestSpinner3  07/15/14  
TValue Version 5.20 Multi-user Edition  12/10/12  
Visual Studio Tools for the Office system 3.0 Runtime Microsoft Corporation 04/24/12  
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) Dell Inc. 04/24/12  09/11/2009 1.0.1.6
Windows Live Essentials Microsoft Corporation 01/06/11  15.4.3502.0922
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 01/06/11 5.57 MB 15.4.5722.2


 



#7 buddy215

buddy215

  • Moderator
  • 13,309 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:35 AM

Posted 17 August 2016 - 11:24 AM

Suggest disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\mj7\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run DymoQuickPrint Sanford, L.P. "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
Yes HKCU:Run RoboForm Siber Systems "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

Yes HKLM:Run Adobe Acrobat Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
Yes HKLM:Run Desktop Disc Tool Sonic Solutions "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
Yes HKLM:Run DLSService  "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"

Yes HKLM:Run DNS7reminder Nuance Communications, Inc. "C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"

Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

Yes HKLM:Run ISUSPM Flexera Software LLC. C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"

Yes HKLM:Run RoxWatchTray Sonic Solutions "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\mj7\AppData\Roaming\Dropbox\bin\Dropbox.exe

 

Disable these tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task DropboxUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1162Core Dropbox, Inc. C:\Users\mj7\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-3110335400-1483347335-1036199953-1162UA Dropbox, Inc. C:\Users\mj7\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

 

Uninstall these programs:

Adobe Acrobat  9 Standard - English, Français, Deutsch Adobe Systems 01/13/15  9.0.0 (Uninstall or Update)
Adobe AIR Adobe Systems Inc. 04/24/12  2.5.1.1773

ESET Online Scanner v3  08/16/16

Java 8 Update 66 Oracle Corporation 01/11/16 88.9 MB 8.0.660.18
JavaFX 2.1.1 Oracle Corporation 08/21/12 20.8 MB 2.1.1

Mozilla Firefox 38.0.5 (x86 en-US) Mozilla 06/29/15 83.1 MB 38.0.5 (Uninstall or Update to FF48)
Mozilla Firefox 6.0 (x86 en-US) Mozilla 04/24/12 33.0 MB 6.0

Skype™ 7.0 Skype Technologies S.A. 04/15/15 47.9 MB 7.0.102 (Uninstall or Update)

SupportSoft Assisted Service SupportSoft 07/27/11 3.45 MB 15 (keep if you actually use it)

Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 01/06/11 5.57 MB 15.4.5722.2

 

 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 mjtaxpro

mjtaxpro
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 17 August 2016 - 12:14 PM

done with that



#9 buddy215


Posted 17 August 2016 - 12:25 PM

Good....if no other problems....you are good to go....surfing should be quicker without over taxing your comp...:)



#10 mjtaxpro


Posted 17 August 2016 - 12:44 PM

Nice pun!  Thanks so much for your help



#11 buddy215


Posted 17 August 2016 - 01:00 PM

You're welcome...enjoyed working with you...





