Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please.


  • Please log in to reply
17 replies to this topic

#1 ghostice02

ghostice02

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 10 September 2016 - 10:34 AM

i had a family member download some free software, yet i noticed something called relevant knowledge. was able to uninstall it using

maleware bytes , yet i noticed something show up when i rebooted the machine. a small window shows up everytime im logged in windows

 

as the following. " Update available.   The Url does not use a recognized protocol.

 

 

Please help what can i do to eliminate this issue.

 

 

Hope to hear from you soon


Edited by ghostice02, 10 September 2016 - 10:37 AM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,501 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:32 PM

Posted 10 September 2016 - 01:04 PM

Welcome to BC....

 

Best to run a series of scans using the programs below. No one program will find all.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 10 September 2016 - 03:03 PM

Thank you for your reply. Yet I have a quick question. Would i need to do this in safe mode by any chance. And are any of these going to infect my computer as I see esetonline scanner as a free type of program. Is it safe what about adwcleaner. Or cleaner.

#4 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 10 September 2016 - 03:25 PM

Would I need to do each scan one after the other and add all the scan loggs in one reply ? or wait for your reply after each scan logg is posted. ??

#5 buddy215

buddy215

  • Moderator
  • 13,501 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:32 PM

Posted 10 September 2016 - 03:45 PM

All of the scans are free for you to use. They are safe to use. I understand your precaution. These are programs used most often

here at BC.

 

You can post results as you go or post all in one post....up to you. No need to run in safe mode unless you are unable to download or

run in regular mode.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 10 September 2016 - 03:50 PM

Thank you for your reply. I will start immediately using the programs and post loggs. Thank you.

#7 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 12 September 2016 - 01:54 PM

Here is the maleware bytes scan logg

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/12/2016
Scan Time: 14:30
Logfile: malware bytes text file.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.12.07
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: inflamesghost

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309126
Time Elapsed: 27 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 12 September 2016 - 02:05 PM

Cleaning Complete - (6.174 secs)
------------------------------------------------------------------------------------------
3.18 KB removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
Windows Explorer - Thumbnail Cache    4 KB    1 files    
------------------------------------------------------------------------------------------
C:\Users\inflamesghost\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db    4 KB
 



#9 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 12 September 2016 - 04:02 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by inflamesghost (Administrator) on Mon 09/12/2016 at 15:28:04.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 41

Successfully deleted: C:\Users\inflamesghost\AppData\Local\{1690D6BD-D9D1-43C3-A92F-269A0D236CB5} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{1F4964C6-449E-45C1-85A4-0188030658DA} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{2CEE186D-CBA2-4259-838B-2632B314BE8A} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{4AE2AD33-97BE-4098-A27E-40AA25D9547F} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{5C3BDC39-B9B8-4C89-96E6-A50476A4B78C} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{5DF659D0-55B3-4FC8-BDFD-BE842586F435} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{6C40D841-9DA4-4204-9702-2FDD043C1515} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{89064605-D401-4141-B174-963ECB690078} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{9C638EBA-C7A1-4DE4-98D1-980655C7B545} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{B388C2E7-2471-40C2-8BD3-F0DCED413FF3} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{D2407953-7156-46E3-9C68-14C1FEB3557B} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{D4E756DB-6958-4B08-A3DE-739D5242B7B4} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{D563DCE5-3FF5-44F3-9F2C-A5D5B82AE5C8} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{DC4B63FE-1F14-4FBE-AE82-2497B2D3ADB2} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{E35A35DC-AF22-478C-B1AC-7E1A2A74577F} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{F188BC3F-5478-4262-AC9C-54B4FEEB0D88} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\{F581556B-5C30-4175-91E2-94F9209C219A} (Empty Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Roaming\new version available (Folder)
Successfully deleted: C:\windows\couponprinter.ocx (File)
Successfully deleted: C:\Program Files (x86)\GUTADA.tmp (File)
Successfully deleted: C:\ProgramData\SPL116D.tmp (File)
Successfully deleted: C:\ProgramData\SPL6548.tmp (File)
Successfully deleted: C:\ProgramData\SPLA266.tmp (File)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0K3WC9I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S26NOGWO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVYGGDG1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\inflamesghost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YES20TD2 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf (File)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0K3WC9I (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S26NOGWO (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVYGGDG1 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YES20TD2 (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\CouponPrinterService (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{58BD2E31-EB88-4D37-8B12-59A6ED40DCBF} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/12/2016 at 15:32:19.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


C:\AdwCleaner\quarantine\files\glffytcbwktdsuqdrmoevphtzotwpjxq\uninstall.exe    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
C:\Users\inflamesghost\Downloads\CouponPrinterCPS.exe    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
 


# AdwCleaner v6.010 - Logfile created 12/09/2016 at 15:17:34
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-12.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : inflamesghost - LABESTIA
# Running from : C:\Users\inflamesghost\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

Service Found:  CouponPrinterService


***** [ Folders ] *****

Folder Found:  C:\ProgramData\Avg_Update_1014av
Folder Found:  C:\Users\inflamesghost\AppData\Roaming\pccustubinstaller
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found:  C:\Program Files (x86)\Coupons
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found:  C:\Program Files (x86)\Coupons


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKU\S-1-5-21-3549477500-18713132-2499904664-1000\Software\AppDataLow\Software\adawarebp
Key Found:  HKCU\Software\AppDataLow\Software\adawarebp


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\inflamesghost\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\inflamesghost\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1955 Bytes] - [12/09/2016 15:17:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2028 Bytes] ##########
 


# AdwCleaner v6.010 - Logfile created 12/09/2016 at 15:21:55
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-12.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : inflamesghost - LABESTIA
# Running from : C:\Users\inflamesghost\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****

[!] Service not deleted: CouponPrinterService


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Avg_Update_1014av
[-] Folder deleted: C:\Users\inflamesghost\AppData\Roaming\pccustubinstaller
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Program Files (x86)\Coupons
[#] Folder deleted on reboot: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[#] Folder deleted on reboot: C:\Program Files (x86)\Coupons


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\S-1-5-21-3549477500-18713132-2499904664-1000\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp


***** [ Web browsers ] *****

[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1834 Bytes] - [12/09/2016 15:21:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [2107 Bytes] - [12/09/2016 15:17:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1980 Bytes] ##########
 



#10 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 12 September 2016 - 04:03 PM

after you look over the loggs, what would need to be done next. also after all would i need to uninstall any of the programs you suggested.

 

.

thank you

 

hope to hear from you soon .



#11 buddy215

buddy215

  • Moderator
  • 13,501 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:32 PM

Posted 12 September 2016 - 04:57 PM

Some adware and junkware was removed. I see a couple of things that could of been responsible for the "update available" and were removed.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 12 September 2016 - 06:13 PM

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No    HKLM:Run    AVG_UI        "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
Yes    HKLM:Run    EzPrint    Lexmark International, Inc.    "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
Yes    HKLM:Run    HSON    TOSHIBA Corporation    %ProgramFiles%\TOSHIBA\TBS\HSON.exe
Yes    HKLM:Run    lxecmon.exe    Lexmark International, Inc.    "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
Yes    HKLM:Run    NortonOnlineBackupReminder    Toshiba    "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
Yes    HKLM:Run    RtHDVBg    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
Yes    HKLM:Run    RtHDVBg_Dolby    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes    HKLM:Run    StartCCC    Advanced Micro Devices, Inc.    "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Yes    HKLM:Run    SynTPEnh    Synaptics Incorporated    %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes    HKLM:Run    TCrdMain    TOSHIBA Corporation    %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
Yes    HKLM:Run    Teco        "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
No    HKLM:Run    ToshibaAppPlace    Toshiba    "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
Yes    HKLM:Run    ToshibaServiceStation    TOSHIBA Corporation    "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
Yes    HKLM:Run    TosNC    TOSHIBA Corporation    %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
Yes    HKLM:Run    TosReelTimeMonitor    TOSHIBA Corporation    %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
Yes    HKLM:Run    TosSENotify    TOSHIBA Corporation    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
Yes    HKLM:Run    TosVolRegulator    TOSHIBA Corporation    C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
Yes    HKLM:Run    TosWaitSrv    TOSHIBA Corporation    %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
Yes    HKLM:Run    TPwrMain    TOSHIBA Corporation    %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
Yes    HKLM:Run    TSleepSrv    TOSHIBA    %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Yes    Startup Common    Mozilla Firefox.lnk    Mozilla Corporation    C:\Program Files (x86)\Mozilla Firefox\firefox.exe


Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    Product Updater        "C:\Program Files (x86)\Free Audio Editor 2016\FFProductUpdater.exe"
Yes    Task    {9B2CAD45-DD59-44D5-AAD2-6FB82E0D976B}    Mozilla Corporation    "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/7.17.85.105/en/abandoninstall?page=tsProgressBar
 



#13 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 12 September 2016 - 06:17 PM

ABBYY FineReader 6.0 Sprint    ABBYY Software House    4/26/2014    116 MB    6.00.2146.41621
Adobe Acrobat Reader DC    Adobe Systems Incorporated    8/2/2016    200 MB    15.017.20053
Adobe Flash Player 22 NPAPI    Adobe Systems Incorporated    7/26/2016    19.1 MB    22.0.0.209
Amazon Links    TOSHIBA Corporation    11/4/2011        2.02
ATI Catalyst Install Manager    ATI Technologies, Inc.    11/4/2011    22.4 MB    3.0.820.0
CCleaner    Piriform    9/12/2016        5.21
Corel WinDVD    Corel Inc.    11/4/2011    292 MB    10.0.5.871
Coupon Printer for Windows    Coupons.com Incorporated    8/13/2014        5.0.0.9
ESET Online Scanner v3        9/12/2016        
Google Chrome    Google Inc.    11/4/2011        52.0.2743.116
Java™ 6 Update 20    Sun Microsystems, Inc.    4/27/2011    97.2 MB    6.0.200
Label@Once 1.0    Corel    11/4/2011    33.0 MB    1.0
Lexmark Pro800-Pro900 Series    Lexmark International, Inc.    4/22/2014        
Malwarebytes Anti-Malware version 2.2.1.1043    Malwarebytes    9/9/2016    66.8 MB    2.2.1.1043
Microsoft .NET Framework 4.6.1    Microsoft Corporation    3/12/2016    38.8 MB    4.6.01055
Microsoft Office 2010    Microsoft Corporation    9/13/2013    8.27 MB    14.0.4763.1000
Microsoft Primary Interoperability Assemblies 2005    Microsoft Corporation    4/27/2011    7.75 MB    9.0.21022
Microsoft Silverlight    Microsoft Corporation    1/12/2016    497 MB    5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    4/27/2011    1.69 MB    3.1.0000
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    4/10/2012    300 KB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    4/27/2011    788 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    11/4/2011    784 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    4/10/2012    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    4/27/2011    596 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    11/4/2011    592 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    4/10/2012    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319    Microsoft Corporation    5/16/2012    14.5 MB    10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319    Microsoft Corporation    5/16/2012    11.0 MB    10.0.30319
Mozilla Firefox 48.0.2 (x86 en-US)    Mozilla    9/6/2016    90.9 MB    48.0.2
Mozilla Maintenance Service    Mozilla    9/6/2016    341 KB    48.0.2.6079
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    1/16/2012    1.27 MB    4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    1/16/2012    1.33 MB    4.20.9876.0
Norton Internet Security    Symantec Corporation    1/9/2012        18.7.2.3
PL HC 5030UB_5030UBe Guide version 1.0        7/18/2015    1.40 MB    1.0
PlayReady PC Runtime amd64    Microsoft Corporation    4/27/2011    2.05 MB    1.3.0
PlayReady PC Runtime x86    Microsoft Corporation    4/27/2011    1.65 MB    1.3.0
Realtek Ethernet Controller Driver    Realtek    11/4/2011        7.38.113.2011
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    2/23/2016        6.0.1.6687
Realtek USB 2.0 Card Reader    Realtek Semiconductor Corp.    11/4/2011        6.1.7600.30126
Realtek WLAN Driver    REALTEK Semiconductor Corp.    11/4/2011        2.00.0016
Skype Launcher    TOSHIBA Corporation    11/4/2011        2.01
Skype™ 7.16    Skype Technologies S.A.    1/3/2016    76.7 MB    7.16.102
Synaptics Pointing Device Driver    Synaptics Incorporated    11/4/2011    46.4 MB    15.2.11.1
Toshiba App Place    Toshiba    11/4/2011    538 KB    1.0.6.3
TOSHIBA Application Installer    TOSHIBA    4/27/2011        9.0.1.1
TOSHIBA Assist    TOSHIBA CORPORATION    4/27/2011        4.02.02
Toshiba Book Place    K-NFB Reading Technology, Inc.    4/27/2011    46.5 MB    2.2.6775
TOSHIBA Bulletin Board    TOSHIBA Corporation    11/4/2011        2.1.10.64
TOSHIBA Disc Creator    TOSHIBA Corporation    11/4/2011    11.0 MB    2.1.0.9 for x64
TOSHIBA eco Utility    TOSHIBA Corporation    11/4/2011    18.8 MB    1.3.2.64
TOSHIBA Face Recognition    TOSHIBA Corporation    11/4/2011        3.1.8.64
TOSHIBA Hardware Setup    TOSHIBA    11/4/2011        2.00.0012
TOSHIBA HDD/SSD Alert    TOSHIBA Corporation    11/4/2011    55.0 MB    3.1.64.8
Toshiba Laptop Checkup    Symantec Corporation    11/4/2011        2.0.10.26
TOSHIBA Media Controller    TOSHIBA CORPORATION    11/4/2011        1.0.86.2
TOSHIBA Media Controller Plug-in    TOSHIBA CORPORATION    1/19/2016    4.89 MB    1.0.8.0
Toshiba Online Backup    Toshiba    11/4/2011    3.37 MB    2.0.0.25
TOSHIBA PC Health Monitor    TOSHIBA Corporation    11/4/2011    28.9 MB    1.7.7.64
TOSHIBA Quality Application    TOSHIBA    1/9/2012        1.0.3
TOSHIBA Recovery Media Creator    TOSHIBA CORPORATION    11/4/2011        2.1.3.5109
TOSHIBA ReelTime    TOSHIBA Corporation    11/4/2011        1.7.18.64
TOSHIBA Resolution+ Plug-in for Windows Media Player    TOSHIBA Corporation    11/4/2011        1.1.0
TOSHIBA Service Station    TOSHIBA    2/18/2016        2.2.15.0
TOSHIBA Sleep Utility    TOSHIBA Corporation    11/4/2011        1.4.2.8
TOSHIBA Supervisor Password    TOSHIBA    11/4/2011        2.00.0007
TOSHIBA Value Added Package    TOSHIBA Corporation    11/4/2011    104 MB    1.5.10.64
TOSHIBA Web Camera Application    TOSHIBA Corporation    11/4/2011    65.0 MB    2.0.0.21
TOSHIBA Wireless LAN Indicator    TOSHIBA CORPORATION    11/4/2011    5.08 MB    1.0.4
ToshibaRegistration    Toshiba    4/27/2011        1.0.4
Visual Studio 2012 x64 Redistributables    AVG Technologies    11/27/2014    12.9 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    11/27/2014    10.5 MB    14.0.0.1
Windows Live Essentials    Microsoft Corporation    4/27/2011        15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections    Microsoft Corporation    4/27/2011    5.57 MB    15.4.5722.2
 



#14 buddy215

buddy215

  • Moderator
  • 13,501 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:32 PM

Posted 12 September 2016 - 07:25 PM

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes    HKLM:Run    EzPrint    Lexmark International, Inc.    "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"

Yes    HKLM:Run    lxecmon.exe    Lexmark International, Inc.    "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
Yes    HKLM:Run    NortonOnlineBackupReminder    Toshiba    "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED (Keep enabled if you actually use it)

 

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and choosing disable on the right.

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

 

Delete these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Delete on the right.

Yes    Task    Product Updater        "C:\Program Files (x86)\Free Audio Editor 2016\FFProductUpdater.exe"
Yes    Task    {9B2CAD45-DD59-44D5-AAD2-6FB82E0D976B}    Mozilla Corporation    "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/7.17.85.105/en/abandoninstall?page=tsProgressBar

 

Uninstall these programs:

Amazon Links    TOSHIBA Corporation    11/4/2011        2.02

Coupon Printer for Windows    Coupons.com Incorporated    8/13/2014        5.0.0.9

ESET Online Scanner v3        9/12/2016      

Java™ 6 Update 20    Sun Microsystems, Inc.    4/27/2011    97.2 MB    6.0.200

Skype Launcher    TOSHIBA Corporation    11/4/2011        2.01

Visual Studio 2012 x64 Redistributables    AVG Technologies    11/27/2014    12.9 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    11/27/2014    10.5 MB    14.0.0.1

 

I see Norton Internet Securiity installed....is it paid for and up to date?

I also see a Windows Startup entry for AVG UI....though it is Disabled.

Are you having a problem with installing and running an Antivirus program such as the two above?

 

 

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 ghostice02

ghostice02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 13 September 2016 - 10:24 AM

what will the security check do exactly as now i see the system running very good.

 

 

also when should i uninstall the programs that were installed for the check and loggs






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users