
malware help?


14 replies to this topic

#1 farmgirl806

farmgirl806

  • Members

Posted 09 September 2016 - 02:19 PM

I have a Toshiba Satellite laptop that is running Windows 10. It has 4 gig ram and is a 64bit. My problem is it is almost unusable because it locks up on any browser. Then I have to open task manager and then things free up. I don't have to use task manager - just open it. Browsers are unresponsive and pages don't load. I did scan /scannow as administrator and I believe there are still 3 corrupt files. So I am not sure if there is a virus or where I need to start. I am sure hoping someone will help me fix this. Thanks in advance.





#2 buddy215

buddy215

  • Moderator

Posted 09 September 2016 - 04:00 PM

Try booting into Safe Mode With Networking and performing the scans using the instructions below.

 

Scan with Rkill....download from this intentionally obfuscated link: Download Now iExplore.exe

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.

 

ONCE RKILL HAS FINISHED ITS SCAN.....DO NOT REBOOT UNLESS MBAM ASKS YOU TO

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 farmgirl806

farmgirl806
  • Topic Starter

  • Members

Posted 10 September 2016 - 07:10 AM

I believe I have run the programs that you requested. I saved the logs to my desktop. But when I try to copy and paste - paste is greyed out. I believe both the rkill and Malwarebytes found nothing but I just am unable to get the results on to this post. I will watch for your response. Thanks

          



#4 farmgirl806

farmgirl806
  • Topic Starter

  • Members

Posted 10 September 2016 - 07:18 AM

Sorry for the last post, I just figured it out.

 

 

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/09/2016 04:28:19 PM in x64 mode. (Safe Mode)
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * EventSystem (EventSystem) is not Running.
   Startup Type set to: Automatic

 * wscsvc (wscsvc) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 09/09/2016 04:32:50 PM
Execution time: 0 hours(s), 4 minute(s), and 30 seconds(s)

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/9/2016
Scan Time: 8:41 PM
Logfile: Scan log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.10.01
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397481
Time Elapsed: 44 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#5 buddy215

buddy215

  • Moderator

Posted 10 September 2016 - 08:28 AM

Run some more scans from safe mode with networking if you are unable to do so in regular mode.

First...attempt to run the Rkill scan in regular mode then attempt to download and run the scans below.

 

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 10 September 2016 - 08:30 AM.


#6 farmgirl806

farmgirl806
  • Topic Starter

  • Members

Posted 10 September 2016 - 06:08 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by Owner (Administrator) on Sat 09/10/2016 at 17:36:00.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 0

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/10/2016 at 17:41:18.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v6.010 - Logfile created 10/09/2016 at 10:24:34
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-05.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : Owner - ALLANS-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

 

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wiz

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [8651 Bytes] - [25/07/2016 20:36:07]
C:\AdwCleaner\AdwCleaner[C2].txt - [3014 Bytes] - [17/08/2016 17:28:35]
C:\AdwCleaner\AdwCleaner[C3].txt - [5935 Bytes] - [05/09/2016 17:27:49]
C:\AdwCleaner\AdwCleaner[C4].txt - [1037 Bytes] - [10/09/2016 10:24:34]
C:\AdwCleaner\AdwCleaner[R0].txt - [6339 Bytes] - [08/04/2014 19:31:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [6302 Bytes] - [08/04/2014 19:34:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [10669 Bytes] - [25/07/2016 20:30:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [2957 Bytes] - [17/08/2016 17:27:06]
C:\AdwCleaner\AdwCleaner[S3].txt - [3292 Bytes] - [05/09/2016 17:20:55]
C:\AdwCleaner\AdwCleaner[S4].txt - [1752 Bytes] - [10/09/2016 10:22:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1549 Bytes] ##########

 

Eset did not find anything and left no log



#7 buddy215

buddy215

  • Moderator

Posted 10 September 2016 - 06:25 PM

Let's see what CCleaner's tools can find.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#8 farmgirl806

farmgirl806
  • Topic Starter

  • Members

Posted 10 September 2016 - 10:52 PM

Here are 2 of the logs. There was nothing in scheduled tasks.

No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Google Update Google Inc. "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
No HKCU:Run GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
No HKCU:Run KGShareApp Eastman Kodak Company C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
No HKCU:Run OneDrive Microsoft Corporation "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
No HKCU:Run Spybot-S&D Cleaning  "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
No HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
No HKCU:Run swg  "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
No HKCU:RunOnce Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
No HKLM:Run cAudioFilterAgent Conexant Systems, Inc. C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
Yes HKLM:Run HSON TOSHIBA Corporation %ProgramFiles%\TOSHIBA\TBS\HSON.exe
No HKLM:Run NortonOnlineBackupReminder Toshiba "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
No HKLM:Run SDTray  "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
No HKLM:Run SmartAudio Conexant Systems, Inc. C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
No HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run TCrdMain TOSHIBA Corporation %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
Yes HKLM:Run Teco  "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
No HKLM:Run TkBellExe RealNetworks, Inc. "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
No HKLM:Run ToshibaAppPlace Toshiba "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
Yes HKLM:Run TosNC TOSHIBA Corporation %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
No HKLM:Run TosReelTimeMonitor TOSHIBA Corporation %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
No HKLM:Run TosSENotify TOSHIBA Corporation C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
No HKLM:Run TosVolRegulator TOSHIBA Corporation C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
No HKLM:Run TosWaitSrv TOSHIBA Corporation %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
No HKLM:Run TPwrMain TOSHIBA Corporation %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
Yes HKLM:Run TrojanScanner Simply Super Software C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
No HKLM:Run TSleepSrv TOSHIBA %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
No Startup Common HandyAndy.lnk Andy OS, inc. C:\Program Files\Andy\HandyAndy.exe
No Startup Common RealPlayer Cloud Service UI.lnk RealNetworks, Inc. C:\PROGRA~2\Real\REALPL~1\RPDS\Bin64\RPSYST~1.EXE

 

 

 

 

Yes Directory Add to Easy Media Player's Playlist  "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1"
Yes Directory Offline Files  
Yes Directory Play with Easy Media Player  "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1"
Yes Directory Scan with Trojan Remover Simply Super Software C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1"
Yes Drive Change BitLocker password  C:\WINDOWS\System32\bdechangepin.exe -pw %1
Yes Drive Change BitLocker PIN  C:\WINDOWS\System32\bdechangepin.exe
Yes Drive Resume BitLocker protection  C:\WINDOWS\System32\BitLockerWizard.exe %1 V
Yes Drive Scan with Trojan Remover Simply Super Software C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1"
Yes Drive Turn on BitLocker  C:\WINDOWS\System32\BitLockerWizard.exe %1 T
Yes Drive VMDiskMenuHandler VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll
Yes Drive VMDiskMenuHandler64 VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll
Yes File 00avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes File MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes File {4A7C4306-57E0-4C0C-83A9-78C1528F618C} RealNetworks, Inc. c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll
Yes Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes Folder MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes Folder Offline Files  

 

 

 

If there are any programs that I have that you think should go, I will do it. The only one that's important to me is "sure cuts a lot".
 

Thanks!
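
Added example (not part of the thread and not CCleaner's own code): a small Python triage of a startup list like the one pasted above, marking entries that deserve a closer look. It assumes the list was saved with tab-separated columns in the order Enabled, Key, Program, Publisher, File; the flag names and heuristics are illustrative hints for a reviewer, not verdicts.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    enabled: bool
    key: str
    program: str
    publisher: str
    command: str


# Constructed sample: rows taken from the list above, rebuilt with tab separators
# (assumed column order: Enabled, Key, Program, Publisher, File).
ROWS = [
    ("No", "HKCU:Run", "Google Update", "Google Inc.",
     r'"C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c'),
    ("No", "HKCU:Run", "swg", "",
     r'"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"'),
    ("No", "HKCU:RunOnce",
     r"Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64",
     "Microsoft Corporation",
     r'C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q '
     r'"C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"'),
    ("Yes", "HKLM:Run", "AvastUI.exe", "AVAST Software",
     r'"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui'),
    ("Yes", "HKLM:Run", "Teco", "", r'"%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r'),
    ("Yes", "HKLM:Run", "TrojanScanner", "Simply Super Software",
     r"C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot"),
    ("No", "Startup Common", "RealPlayer Cloud Service UI.lnk", "RealNetworks, Inc.",
     r"C:\PROGRA~2\Real\REALPL~1\RPDS\Bin64\RPSYST~1.EXE"),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

# Quoted path, or an unquoted path up to the first executable extension.
EXE_RE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$))', re.I)
# Locations a standard user can normally write to without elevation.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\temp\\|%(?:local)?appdata%|%te?mp%", re.I)
# Script hosts and shells: the real work is in the arguments, so read those too.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def parse_startup_list(text: str) -> List[Entry]:
    """Parse tab-separated rows; blank or malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) != 5:
            continue
        enabled, key, program, publisher, command = fields
        entries.append(Entry(enabled.lower() == "yes", key, program, publisher, command))
    return entries


def executable_path(command: str) -> str:
    """Return the program part of a command line, handling unquoted paths with spaces."""
    match = EXE_RE.match(command)
    if match:
        return match.group(1) or match.group(2)
    parts = command.split()
    return parts[0] if parts else ""


def flags_for(entry: Entry) -> List[str]:
    exe = executable_path(entry.command)
    name = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    flags = []
    if not entry.publisher:
        flags.append("no publisher")            # no vendor shown in the Publisher column
    if USER_WRITABLE_RE.search(exe):
        flags.append("user-writable path")      # binary can be replaced without admin rights
    if name in INTERPRETERS:
        flags.append("launched via interpreter")
    if re.search(r"~\d", exe):
        flags.append("8.3 short path")          # resolve the long name before judging it
    return flags


def triage(text: str) -> List[Tuple[str, bool, List[str]]]:
    """Return (program, enabled, flags) for every parsed row."""
    return [(e.program, e.enabled, flags_for(e)) for e in parse_startup_list(text)]


if __name__ == "__main__":
    for program, enabled, flags in triage(SAMPLE):
        state = "enabled " if enabled else "disabled"
        print(f"{state}  {program[:40]:40}  {', '.join(flags) or '-'}")
```

An entry with no flags is not thereby clean, and a flagged one is not thereby malicious: Google Update normally runs from AppData, and the TrojanScanner entry discussed in this thread raises no flag at all.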
 



#9 buddy215

buddy215

  • Moderator

Posted 11 September 2016 - 04:48 AM

I don't see the list of Installed programs.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#10 farmgirl806

farmgirl806
  • Topic Starter

  • Members

Posted 11 September 2016 - 11:19 AM

Here is the log you wanted. I do have a problem in here. A program called Trojan Remover is in here that I do not remember installing. When I have tried to uninstall it, it tells me that some files are missing to uninstall and to reinstall first. I did find it with Google but I am not able to install it so that I can uninstall it. I don't use it and don't think I ever have.

 

 

3D Builder Microsoft Corporation 7/20/2016  11.1.9.0
Adobe AIR Adobe Systems Incorporated 5/30/2016 24.3 MB 21.0.0.215
Adobe Flash Player 22 NPAPI Adobe Systems Incorporated 7/12/2016 5.79 MB 22.0.0.209
Adobe Reader X (10.1.16) MUI Adobe Systems Incorporated 12/5/2015 683 MB 10.1.16
Adobe Shockwave Player 12.2 Adobe Systems, Inc. 2/23/2016 34.4 MB 12.2.3.183
Alarms & Clock Microsoft Corporation 9/9/2016  10.1608.2312.0
AMD Catalyst Control Center AMD 12/5/2015  1.00.0000
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2/15/2012 29.0 MB 3.0.851.0
Andy OS Andy OS, Inc 7/4/2016 150 MB 46.2
App connector Microsoft Corporation 12/5/2015  1.3.3.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 2/15/2012  1.0.1.42
Avast Internet Security AVAST Software 7/25/2016 1.94 GB 11.1.2253
avast! EasyPass AVAST Software 12/5/2015 20.0 MB 7-7-8-128
Bible LifeChurch.tv 4/22/2016  2.0.4.37
Bonjour Apple Inc. 4/17/2016 4.00 MB 3.0.0.10
Calculator Microsoft Corporation 9/9/2016  10.1608.2213.0
Camera Microsoft Corporation 9/9/2016  2016.816.20.0
Candy Crush Saga king.com 9/9/2016  1.830.4.0
Canon Inkjet Print Utility Canon Inc. 6/24/2016  2.6.0.5
CBS CBS Interactive Inc. 9/9/2016  3.0.8197.0
CCleaner Piriform 9/11/2016  5.21
ChromecastApp Google Inc. 12/16/2015 5.85 MB 1.5.1693.0
Cisco EAP-FAST Module Cisco Systems, Inc. 2/15/2012 1.52 MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 2/15/2012 838 KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 2/15/2012 1.28 MB 1.1.6
Easy Media Player 1.1.12 Easy Media Player 12/12/2015 56.1 MB 1.1.12
ESET Online Scanner v3  9/10/2016  
GameHouse Games GameHouse 7/18/2016 2.04 MB 8.50.2
Get Office Microsoft Corporation 9/9/2016  17.7319.23511.0
Get Skype Skype 12/5/2015  3.2.1.0
Get Started Microsoft Corporation 9/9/2016  4.0.12.0
Google Chrome Google Inc. 11/26/2014  52.0.2743.116
Groove Music Microsoft Corporation 9/9/2016  3.6.23981.0
HP AiO Printer Remote  6/24/2016  
iSEEK AnswerWorks English Runtime Vantage Linguistics 4/23/2015 9.54 MB 010.000.0101
Java 7 Update 71 Oracle 3/1/2014 146 MB 7.0.710
KODAK Share Button App Eastman Kodak Company 5/21/2016 72.6 MB 4.06.0015.0313
Mail and Calendar Microsoft Corporation 9/9/2016  17.7167.40721.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 4/17/2016 56.9 MB 2.2.1.1043
Maps Microsoft Corporation 9/9/2016  5.1608.2310.0
Messaging + Skype Microsoft Corporation 4/18/2016  2.15.20002.0
Microsoft Office 2010 Microsoft Corporation 11/1/2011 10.7 MB 14.0.4763.1000
Microsoft Office Click-to-Run 2010 Microsoft Corporation 5/23/2016 3.96 MB 14.0.4763.1000
Microsoft Office Starter 2010 - English Microsoft Corporation 12/5/2015  14.0.5139.5005
Microsoft Silverlight Microsoft Corporation 6/22/2016 143 MB 5.1.50428.0
Microsoft Solitaire Collection Microsoft Studios 8/17/2016  3.11.7293.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11/1/2011 3.39 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 4/3/2012 600 KB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 11/1/2011 1.53 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 2/15/2012 1.53 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 4/3/2012 1.53 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 5/21/2016 4.81 MB 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2/15/2012 1.15 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 4/3/2012 1.17 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 Microsoft Corporation 4/3/2012 27.1 MB 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 Microsoft Corporation 4/3/2012 22.0 MB 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 1/13/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 1/14/2016 17.3 MB 11.0.61030.0
Microsoft Wi-Fi Microsoft Corporation 4/29/2016  1.1604.4.0
Money Microsoft Corporation 9/9/2016  4.13.47.0
Motorola Mobile Drivers Installation 5.1.0 Motorola Inc. 3/13/2013 8.62 MB 5.1.0
Movies & TV Microsoft Corporation 9/9/2016  3.6.23941.0
My Toshiba Ennova Research 2/8/2016  3.2.49.0
News Microsoft Corporation 9/9/2016  4.13.47.0
NpackdCL Npackd 7/23/2016 16.4 MB 1.18.7
OneNote Microsoft Corporation 9/9/2016  17.7341.57791.0
opener-app Tiny Opener 8/7/2016  1.2.11.0
People Microsoft Corporation 7/21/2016  10.0.11902.0
Phone Microsoft Corporation 6/4/2016  2.17.27003.0
Phone Companion Microsoft Corporation 9/9/2016  10.1608.2211.0
Photos Microsoft Corporation 8/16/2016  16.722.10060.0
PlayReady PC Runtime amd64 Microsoft Corporation 11/1/2011 4.11 MB 1.3.0
PlayReady PC Runtime x86 Microsoft Corporation 2/15/2012 3.30 MB 1.3.0
Pronto! Pro CommuniGate Systems 5/23/2016 6.92 MB 6.1
Quicken 2015 Intuit 4/23/2015 198 MB 24.1.5.11
Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 2/15/2012 20.4 MB 1.0.0.14
Realtek WLAN Driver REALTEK Semiconductor Corp. 2/15/2012 5.39 MB 2.00.0013
Remote Desktop assistant Remote Desktop assistant 7/2/2016  1.0.0.102
Sante DICOM Viewer FREE Santesoft 12/5/2015 41.1 MB 4.0.14
Sports Microsoft Corporation 9/9/2016  4.13.47.0
Store Microsoft Corporation 4/30/2016  11602.1.26.0
SUPERAntiSpyware SUPERAntiSpyware.com 5/30/2016 10.4 MB 6.0.1164
Sure Cuts A Lot 4.038 Craft Edge 11/27/2015 55.2 MB 
Sway Microsoft Corporation 8/12/2016  17.7341.45171.0
Synaptics Pointing Device Driver Synaptics Incorporated 12/5/2015 46.4 MB 19.0.10.0
TeamViewer 11 TeamViewer 7/25/2016 103 MB 11.0.53254
Toshiba App Place Toshiba 2/15/2012 925 KB 1.0.6.3
TOSHIBA Application Installer TOSHIBA 11/1/2011 79.3 MB 9.0.1.2
TOSHIBA Assist TOSHIBA CORPORATION 11/1/2011 79.3 MB 4.2.3.0
Toshiba Book Place K-NFB Reading Technology, Inc. 2/15/2012 79.9 MB 2.2.7530
TOSHIBA Bulletin Board TOSHIBA Corporation 12/28/2015 79.3 MB 1.6.08.64
TOSHIBA Disc Creator TOSHIBA Corporation 2/15/2012 22.0 MB 2.1.0.11 for x64
TOSHIBA eco Utility TOSHIBA Corporation 2/15/2012 37.7 MB 1.3.5.64
TOSHIBA Face Recognition TOSHIBA Corporation 12/28/2015 79.3 MB 3.1.17.64
TOSHIBA Hardware Setup TOSHIBA 12/5/2015  4.09.03.00
TOSHIBA HDD/SSD Alert TOSHIBA Corporation 2/15/2012 110 MB 3.1.64.9
TOSHIBA Media Controller TOSHIBA CORPORATION 11/1/2011 79.3 MB 1.0.87.4
TOSHIBA Media Controller Plug-in TOSHIBA CORPORATION 1/9/2013 13.3 MB 1.0.8.0
Toshiba Online Backup Toshiba 2/15/2012 5.28 MB 2.0.0.31
TOSHIBA PC Health Monitor TOSHIBA Corporation 2/15/2012 57.8 MB 1.7.8.64
TOSHIBA Quality Application TOSHIBA 4/3/2012 2.10 MB 1.0.4
TOSHIBA Recovery Media Creator TOSHIBA CORPORATION 11/1/2011 79.3 MB 2.1.5.5109a
TOSHIBA ReelTime TOSHIBA Corporation 12/28/2015 79.3 MB 1.7.20.64
TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Corporation 2/15/2012  1.1.2001
TOSHIBA Service Station Toshiba Corporation 12/26/2015 5.84 MB 2.6.16.0
TOSHIBA Sleep Utility TOSHIBA Corporation 2/15/2012 3.69 MB 1.4.2.8
TOSHIBA Supervisor Password TOSHIBA 12/5/2015  4.09.03.00
TOSHIBA Value Added Package TOSHIBA Corporation 2/15/2012 124 MB 1.6.1.64
TOSHIBA Web Camera Application TOSHIBA Corporation 2/15/2012 31.0 MB 2.0.3.3
TOSHIBARegistration TOSHIBA 11/1/2011 8.74 MB 1.0.7
Trojan Remover 6.9 Simply Super Software 8/16/2016 17.4 MB 6.9
Tweaking.com - Windows Repair Tweaking.com 7/30/2016 40.7 MB 3.9.6
Viscom Store DICOM Viewer Viscom Software 12/5/2015 12.6 MB 
VMware Player VMware, Inc. 7/2/2016 261 MB 12.1.1
VMware VIX VMware, Inc. 7/2/2016 106 MB 1.15.3.00000
Voice Recorder Microsoft Corporation 9/9/2016  10.1608.2211.0
Weather Microsoft Corporation 9/9/2016  4.13.47.0
WildTangent Games WildTangent 12/12/2015 642 KB 1.0.4.0
Windows 10 Upgrade Assistant Microsoft Corporation 8/6/2016 5.00 MB 1.4.9200.17346
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) Eastman Kodak 5/21/2016  01/29/2010 1.4.1.0
Windows DVD Player Microsoft Corporation 12/5/2015  3.6.13291.0
Windows Live Essentials Microsoft Corporation 1/14/2016  16.4.3528.0331
Xbox Microsoft Corporation 9/9/2016  19.21.7006.0
 



#11 buddy215

buddy215

  • Moderator

Posted 11 September 2016 - 12:39 PM

I think I saw two lists and wrongly assumed one was Scheduled Tasks....I now see that isn't so. So, please go back to the instructions for posting that list of Tasks.

 

Yes, I saw Trojan Remover 6.9 Simply Super Software 8/16/2016 17.4 MB 6.9 in the other lists. It may be possible to uninstall it using Download Revo Uninstaller Freeware

Let me know if that was successful.

 

Delete these Windows Startups: Use CCleaner by clicking on the item and choosing Delete on the right.

Yes HKLM:Run TrojanScanner Simply Super Software C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot

Use CCleaner by clicking on the item and choosing Delete on the right.

Yes Directory Scan with Trojan Remover Simply Super Software C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1"

Yes Drive Scan with Trojan Remover Simply Super Software C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1"

Yes File {4A7C4306-57E0-4C0C-83A9-78C1528F618C} RealNetworks, Inc. c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll

Yes Directory Add to Easy Media Player's Playlist  "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1"

Yes Directory Play with Easy Media Player  "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1"

 

Uninstall these programs: You can use Revo to uninstall these

Candy Crush Saga king.com 9/9/2016  1.830.4.0

Easy Media Player 1.1.12 Easy Media Player 12/12/2015 56.1 MB 1.1.12

iSEEK AnswerWorks English Runtime Vantage Linguistics 4/23/2015 9.54 MB 010.000.0101 (Keep if you actually use it)

Java 7 Update 71 Oracle 3/1/2014 146 MB 7.0.710

SUPERAntiSpyware SUPERAntiSpyware.com 5/30/2016 10.4 MB 6.0.1164 (Keep if you purchased it...)

WildTangent Games WildTangent 12/12/2015 642 KB 1.0.4.0


Edited by buddy215, 11 September 2016 - 12:41 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
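An added example, not part of any post in this thread: once the programs above are uninstalled, the same startup and context-menu list can be checked for entries that still point into the removed install directories. The sample lines are constructed in the flattened list shape posted here, the function names are hypothetical, and the `HKCU:Run` key label is an assumption (the thread only shows `HKLM:Run`).

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the flattened "Enabled Key Name Publisher File" shape
# of the lists posted in this thread (not a complete export).
SAMPLE = r'''
Yes HKLM:Run TrojanScanner Simply Super Software C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
Yes Directory Scan with Trojan Remover Simply Super Software C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1"
Yes Directory Play with Easy Media Player  "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1"
Yes Directory Offline Files
Yes Drive Turn on BitLocker  C:\WINDOWS\System32\BitLockerWizard.exe %1 T
Yes File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
No File MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
'''

# Install directories of the two programs the thread uninstalls.
REMOVED_DIRS = [
    r"C:\Program Files (x86)\Trojan Remover",
    r"C:\Program Files (x86)\Easy Media Player",
]

# "HKCU:Run" is an assumed key label; the thread only shows HKLM:Run.
LINE_RE = re.compile(r'^(Yes|No)\s+(HKLM:Run|HKCU:Run|Directory|Drive|File|Folder)\s+(.*)$')
# First drive-letter path ending in .exe or .dll, optionally quoted.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll))\b', re.IGNORECASE)

class Entry(NamedTuple):
    enabled: bool
    key: str
    label: str            # name and publisher, as they appear before the path
    path: Optional[str]   # None for entries with no file column (e.g. Offline Files)

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    enabled, key, rest = m.groups()
    p = PATH_RE.search(rest)
    label = rest[:p.start()].strip() if p else rest.strip()
    return Entry(enabled == "Yes", key, label, p.group(1) if p else None)

def find_leftovers(text: str, removed_dirs: List[str]) -> List[Entry]:
    """Entries whose target file lives under a removed install directory."""
    roots = tuple(ntpath.normcase(d).rstrip("\\") + "\\" for d in removed_dirs)
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e and e.path and ntpath.normcase(e.path).startswith(roots)]

if __name__ == "__main__":
    for e in find_leftovers(SAMPLE, REMOVED_DIRS):
        print(f"{e.key:10} {e.label!r} -> {e.path}")
```
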

#12 farmgirl806

farmgirl806
  • Topic Starter

  • Members
  • 90 posts

Posted 11 September 2016 - 05:15 PM

try again  

 

 

Yes Directory Add to Easy Media Player's Playlist  "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1"
Yes Directory Offline Files  
Yes Directory Play with Easy Media Player  "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1"
Yes Drive Change BitLocker password  C:\WINDOWS\System32\bdechangepin.exe -pw %1
Yes Drive Change BitLocker PIN  C:\WINDOWS\System32\bdechangepin.exe
Yes Drive Resume BitLocker protection  C:\WINDOWS\System32\BitLockerWizard.exe %1 V
Yes Drive Turn on BitLocker  C:\WINDOWS\System32\BitLockerWizard.exe %1 T
Yes Drive VMDiskMenuHandler VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll
Yes Drive VMDiskMenuHandler64 VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll
Yes File 00avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes File MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes File {4A7C4306-57E0-4C0C-83A9-78C1528F618C} RealNetworks, Inc. c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll
Yes Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes Folder MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes Folder Offline Files  
Yes Folder RUShellExt VS Revo Group C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll

 

 

 



 

There is nothing in the scheduled tasks. I was able to uninstall the Trojan program with renova. Thanks



#13 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 September 2016 - 05:37 PM

Good that Revo took care of that. If you have completed the instructions below....and rebooted....are the problems noted in your opening post still happening?

 

Delete these Windows Startups: Use CCleaner by clicking on the item and choosing Delete on the right.

Yes HKLM:Run TrojanScanner Simply Super Software C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot

Yes Directory Scan with Trojan Remover Simply Super Software C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1"

Yes Drive Scan with Trojan Remover Simply Super Software C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1"

Yes File {4A7C4306-57E0-4C0C-83A9-78C1528F618C} RealNetworks, Inc. c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll

Yes Directory Add to Easy Media Player's Playlist  "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1"

Yes Directory Play with Easy Media Player  "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1"

 

Uninstall these programs: You can use Revo to uninstall these

Candy Crush Saga king.com 9/9/2016  1.830.4.0

Easy Media Player 1.1.12 Easy Media Player 12/12/2015 56.1 MB 1.1.12

iSEEK AnswerWorks English Runtime Vantage Linguistics 4/23/2015 9.54 MB 010.000.0101 (Keep if you actually use it)

Java 7 Update 71 Oracle 3/1/2014 146 MB 7.0.710

SUPERAntiSpyware SUPERAntiSpyware.com 5/30/2016 10.4 MB 6.0.1164 (Keep if you purchased it...)

WildTangent Games WildTangent 12/12/2015 642 KB 1.0.4.0


Edited by buddy215, 11 September 2016 - 05:37 PM.


#14 farmgirl806

farmgirl806
  • Topic Starter

  • Members
  • 90 posts

Posted 11 September 2016 - 07:46 PM

I was able to uninstall the programs you suggested. So far the computer seems to respond ok. Do you think the three files that sfc says are corrupt will be a problem? I believe I can close this post; all seems to be ok. Thanks so much for your help. I really appreciate it.



#15 buddy215

buddy215

  • Moderator
  • 13,320 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:15 AM

Posted 11 September 2016 - 08:16 PM

Good....you're welcome.

 

It would be a big reach for me to even guess about what effect those files being corrupt would have. Maybe they were related to something that the scans, deletions and uninstalls solved. I'd say if nothing seems amiss...no need to attempt to fix.

 

happy surfin'....





