
Difficult to confirm if actually infected. Former pop ups/crashes. IT thought so


14 replies to this topic

#1 CincyJonBC

Posted 20 October 2016 - 08:59 AM

Software:

Windows 7 Professional
 
About two years ago my fiancee shelved her laptop, due to viruses. Apparently virus message windows would pop up when web surfing, the system had become significantly slower overall, and crashes were common. She took it to her school's IT service and they told her it would need to be reformatted - though it was so long ago she doesn't remember anything else they may have told her. She didn't want to deal with it, thus it has since sat in storage.
 
I brought it out of the archives a couple days ago to see if the fine volunteers of BC could provide a second opinion.
 
The symptoms are curious. She says it's significantly slower and I can attest it sure isn't speedy.
 
I've tried to get the virus message windows she encountered to pop up, but so far haven't had luck using Chrome or IE. She said they would come up when she was using the internet.
 
I've scanned using Avast, AVG, Windows Defender, and none find anything wrong. 
 
One curious thing is that her default anti virus is Symantec EndPoint Protection, and I've noticed the virus definitions won't update. The logs don't seem to indicate anything out of the ordinary, although the Network Threat Protection Traffic logs may show something unusual - (note: I'm inferring based off of my limited tech/virus experience). Happy to post those if you think it's worth checking out.
 
Hard drive is not fragmented.
 
I did see a pop up message from Symantec last night which seemed to indicate some kind of activity, but it went away and I am unable to find any trace of it. I'm hoping to take a screenshot if it happens again. 
 
To summarize, she definitely encountered virus pop ups and her IT person indicated a reformat is what was necessary to fix - but as of today it's hard for me to find clear evidence of a virus other than slowness, the inability to update Symantec, and that one pop up message from Symantec. 
 
Any suggestions for how to proceed? 
 
Thanks very much for all you do!
 
Best,
Jon
 



 


#2 CincyJonBC

Posted 20 October 2016 - 09:06 AM

Forgot to mention, I also used Malwarebytes and SUPERAntiSpyware. MB found only tracking cookies; SAS found tracking cookies and these:

PUP.Bundler/Variant
PUP.BundleInstaller
PUP.Zugo/Variant
 
Could this be significant?


#3 buddy215

Posted 20 October 2016 - 12:02 PM

Welcome to BC....

Norton may not update because it wants to be paid before doing that. Since you have Avast...uninstall both Norton and AVG. That might help in improving performance, too.

 

Use the programs below to clean, remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 CincyJonBC

Posted 20 October 2016 - 02:10 PM

Thanks very much, buddy215!

 

I ran CCleaner, though I missed the part about unchecking Google toolbars on installation. Still, I don't think I accidentally installed anything extra.

 

Here's the log for AdwCleaner:

# AdwCleaner v6.030 - Logfile created 20/10/2016 at 14:53:01
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : aurora.rivendale - SOM15-1127
# Running from : C:\Users\aurora.rivendale\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files (x86)\PatternGenerators
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\aurora.rivendale\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKU\S-1-5-21-1576773326-2744501341-4114683667-1009\Software\WEBAPP
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\aurora.rivendale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\aurora.rivendale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: websearch.ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2306 Bytes] - [20/10/2016 14:53:01]
C:\AdwCleaner\AdwCleaner[R0].txt - [9213 Bytes] - [12/06/2015 17:59:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [3977 Bytes] - [12/06/2015 18:04:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [2567 Bytes] - [20/10/2016 14:52:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2598 Bytes] ##########
 
I uninstalled AVG and Symantec per your suggestion. I then disabled Avast to run the Junk Removal Tool.
 
JRT successfully created a restore point, but when it tried to validate the restore point it says
FAILED 0x80070002
 
It gives me the option to proceed anyway, but I assume I shouldn't?
 
Thanks again!


#5 buddy215

Posted 20 October 2016 - 02:32 PM

Run the JRT scan. Once you have done that and posted the results....do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
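
The three lists requested in the post above (startups, scheduled tasks, installed programs) can also be gathered with tools built into Windows 7. This is an added example, not part of the original post: the function names and the report file name are hypothetical, and the schtasks column names assume an English-language system.

```powershell
# Added example: collects startup entries, scheduled tasks and installed programs
# into one text file. Written for PowerShell 2.0, the version shipped with Windows 7.

function Get-RunEntries {
    # Run keys for the current user and the machine (64-bit and 32-bit views).
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    # Properties added by the registry provider, not real registry values.
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        if ($item -eq $null) { continue }   # key exists but holds no values
        foreach ($prop in $item.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }
            New-Object PSObject -Property @{ Key = $key; Name = $prop.Name; Command = $prop.Value }
        }
    }
}

function Get-StartupFolderItems {
    # Per-user and all-users Startup folders.
    $folders = [Environment]::GetFolderPath('Startup'),
               (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
    foreach ($folder in $folders) {
        if (Test-Path $folder) { Get-ChildItem -Path $folder | Select-Object FullName }
    }
}

function Get-TaskList {
    # schtasks.exe exists on Windows 7; the Get-ScheduledTask cmdlet does not.
    # The CSV output can repeat its header row, and a task with several triggers
    # appears on several rows, so drop header rows and duplicates.
    schtasks.exe /query /fo CSV /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' } |
        Select-Object TaskName, Author, 'Task To Run', 'Scheduled Task State' -Unique
}

function Get-InstalledPrograms {
    # Uninstall keys back the "Programs and Features" list.
    $roots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, Publisher, InstallDate, DisplayVersion |
        Sort-Object DisplayName
}

# Hypothetical report name; written to the desktop so it is easy to find and post.
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'startup-report.txt'

# Render each list to plain text first so the sections can share one file.
$sections = @(
    '=== Run keys ==='
    (Get-RunEntries | Format-Table Key, Name, Command -AutoSize -Wrap | Out-String -Width 300)
    '=== Startup folders ==='
    (Get-StartupFolderItems | Format-Table -AutoSize -Wrap | Out-String -Width 300)
    '=== Scheduled tasks ==='
    (Get-TaskList | Format-List | Out-String -Width 300)
    '=== Installed programs ==='
    (Get-InstalledPrograms | Format-Table -AutoSize -Wrap | Out-String -Width 300)
)
$sections | Out-File -FilePath $report -Width 300
```

Run it from an elevated PowerShell prompt so that tasks and keys belonging to other accounts are included.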

#6 CincyJonBC

Posted 20 October 2016 - 04:45 PM

Here are the results from JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64 
Ran by aurora.rivendale (Administrator) on Thu 10/20/2016 at 15:01:17.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 63 
 
Successfully deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml (File) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Roaming\Mozilla\Firefox\Profiles\8mnxxw27.default\extensions\staged (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job (Task) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MSTD0U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08W5FCH9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WGOGYBA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CPK7DXU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EWYEZZ6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3QEGPTXB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RWSMHUO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Q3YG7KH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5V83NL81 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8G7KRMPD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B48FPHKO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFIGEW42 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CGDQXGUF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLNTRYC1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I04BE03T (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAU4MNPO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4G4XRXT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZEIYKOC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY8MJA23 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PHP8P6Y3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJZSP2EZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM1ECICO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQP1DTT7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCTHBZEX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL3OAGNQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\aurora.rivendale\AppData\Roaming\appdataFr25.bin (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08MSTD0U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08W5FCH9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WGOGYBA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CPK7DXU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EWYEZZ6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3QEGPTXB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RWSMHUO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Q3YG7KH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5V83NL81 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8G7KRMPD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B48FPHKO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFIGEW42 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CGDQXGUF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLNTRYC1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I04BE03T (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAU4MNPO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4G4XRXT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZEIYKOC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY8MJA23 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PHP8P6Y3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJZSP2EZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM1ECICO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQP1DTT7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCTHBZEX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL3OAGNQ (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/20/2016 at 17:12:35.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Here is the log of Startups:
 
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Google Update Google Inc. "C:\Users\aurora.rivendale\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run ALCKRESI.EXE Lenovo Group Limited C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
Yes HKLM:Run AppleSyncNotifier Apple Inc. C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices
No HKLM:Run ConnectionCenter Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
No HKLM:Run DivXUpdate DivX, LLC "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Yes HKLM:Run Dolby Home Theater v4 Dolby Laboratories Inc. "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
Yes HKLM:Run ForteConfig Fortemedia Inc C:\Program Files\Conexant\ForteConfig\fmapp.exe
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run IMSS Intel Corporation "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
Yes HKLM:Run IntelliPoint Microsoft Corporation "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Lenovo Registration Lenovo, Inc. C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
Yes HKLM:Run LENOVO.TPKNRRES Lenovo Group Limited C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
No HKLM:Run MRT Microsoft Corporation "C:\Windows\system32\MRT.exe" /R
No HKLM:Run NACAgentUI Cisco Systems, Inc. C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
Yes HKLM:Run NUSB3MON Renesas Electronics Corporation "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run PWMTRV rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
No HKLM:Run Redirector Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
Yes HKLM:Run RotateImage Ricoh co.,Ltd. C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
Yes HKLM:Run SmartAudio Conexant systems, Inc. C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run TpShocks Lenovo. TpShocks.exe
Yes Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
 
 
Here is the list of Scheduled Tasks:
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DiskUpdate C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe
Yes Task FinaleTermini c:\programdata\{dbcc7a2e-0e63-3a75-dbcc-c7a2e0e6e8b8}\6429910817093051759b.exe --startup=1 --single
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1576773326-2744501341-4114683667-1009Core Google Inc. C:\Users\aurora.rivendale\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-1576773326-2744501341-4114683667-1009UA Google Inc. C:\Users\aurora.rivendale\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task MCP Lenovo Information Products (Shenzhen) Co.,Ltd "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
Yes Task PCDEventLauncher PC-Doctor, Inc. "C:\Program Files\PC-Doctor\sessionchecker.exe"
Yes Task PMTask Lenovo Group Limited C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
Yes Task SafeZone scheduled Autoupdate 1476916803 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Yes Task SUPERAntiSpyware Scheduled Task 00ca3157-1fea-4aa1-999e-2f369debbcc5 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:00ca3157-1fea-4aa1-999e-2f369debbcc5
Yes Task SUPERAntiSpyware Scheduled Task 60981e70-680d-4b68-99d6-5e9670bd28bb SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:60981e70-680d-4b68-99d6-5e9670bd28bb
 
Here is the list of installed programs:
7-Zip 9.20 10/5/2014
Adobe AIR Adobe Systems Incorporated 10/19/2016 23.0.0.257
Adobe Download Assistant Adobe Systems Incorporated 6/20/2012 1.2
Adobe Flash Player 23 ActiveX Adobe Systems Incorporated 10/12/2016 18.7 MB 23.0.0.185
Adobe Flash Player 23 NPAPI Adobe Systems Incorporated 10/12/2016 19.2 MB 23.0.0.185
Adobe Reader X (10.1.16) Adobe Systems Incorporated 10/12/2016 121 MB 10.1.16
Apple Application Support (32-bit) Apple Inc. 3/6/2015 94.2 MB 3.1.2
Apple Application Support (64-bit) Apple Inc. 3/6/2015 107 MB 3.1.2
Apple Mobile Device Support Apple Inc. 3/6/2015 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 7/18/2011 2.38 MB 2.1.3.127
AQNetClient TeraRecon, Inc. 8/22/2011 1.2
Avast Free Antivirus AVAST Software 10/19/2016 12.3.2280
AviSynth 2.5 12/24/2011
Bonjour Apple Inc. 10/12/2011 2.00 MB 3.0.0.10
Broadcom InConcert Maestro Broadcom Corporation 6/15/2011 645 KB 1.0.1.1500
CCleaner Piriform 10/20/2016 5.23
Cisco NAC Agent Cisco Systems, Inc. 6/28/2012 4.8.3.3
Citrix Receiver 4.5 Citrix Systems, Inc. 10/13/2016 56.2 MB 14.5.0.10018
Conexant 20672 SmartAudio HD Conexant 4/4/2014 8.32.23.5
Corel Burn.Now Lenovo Edition Corel Corporation 6/15/2011 79.6 MB 4.5.0
Corel DVD MovieFactory Lenovo Edition Corel Corporation 6/15/2011 318 MB 7.0.0
Corel WinDVD Corel Inc. 6/15/2011 301 MB 10.0.5.828
Create Recovery Media Lenovo Group Limited 6/15/2011 8.05 MB 1.20.0.00
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 6/15/2011 1.00
DivX Setup DivX, LLC 3/19/2012 2.6.1.8
Dolby Home Theater v4 Dolby Laboratories Inc 4/4/2014 28.0 MB 7.2.7000.4
Evernote v. 5.8.8 Evernote Corp. 6/9/2015 233 MB 5.8.8.7837
Google Chrome Google Inc. 6/26/2013 53.0.2785.143
Google Talk Plugin Google 10/12/2016 15.1 MB 5.41.3.0
Google Toolbar for Internet Explorer Google Inc. 10/12/2016 7.5.7619.1252
HitmanPro 3.7 SurfRight B.V. 10/20/2016 3.7.14.280
iCloud Apple Inc. 3/6/2015 89.5 MB 4.0.6.28
Integrated Camera Driver Installer Package Ver.1.1.0.1147 RICOH 6/15/2011 1.1.0.1147
Integrated Camera TWAIN Chicony Electronics Co.,Ltd. 6/15/2011 1.0.11.1223
Intel® Control Center Intel Corporation 7/18/2011 1.2.1.1007
Intel® Identity Protection Technology 1.1.2.0 Intel Corporation 6/15/2011 1.13 MB 1.1.2.0
Intel® Management Engine Components Intel Corporation 7/18/2011 7.0.0.1144
Intel® Processor Graphics Intel Corporation 8/1/2011 8.15.10.2342
Intel® PROSet/Wireless Software Intel Corporation 4/4/2014 417 MB 16.10.0
iTunes Apple Inc. 3/6/2015 234 MB 12.1.1.4
Java 8 Update 111 Oracle Corporation 10/20/2016 94.1 MB 8.0.1110.14
Last.fm Scrobbler 2.1.36 Last.fm 5/18/2014 47.6 MB
Lenovo Auto Scroll Utility 6/15/2011 1.00
Lenovo Registration Lenovo Inc. 6/15/2011 4.09 MB 1.0.2
Lenovo Solution Center Lenovo Group Limited 7/20/2014 30.4 MB 2.4.003.00
Lenovo System Interface Driver 6/15/2011 1.05
Lenovo System Update Lenovo 10/12/2016 18.1 MB 5.07.0037
Lenovo ThinkVantage Toolbox PC-Doctor, Inc. 7/11/2011 6.0.5849.23
Lenovo User Guide Lenovo 6/15/2011 606 KB 1.0.0008.00
Lenovo Warranty Information Lenovo 6/15/2011 861 KB 1.0.0005.00
Lenovo Welcome Lenovo 6/15/2011 2.02.003.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 10/17/2016 66.8 MB 2.2.1.1043
Message Center Plus Lenovo Group Limited 6/15/2011 1.70 MB 2.0.0012.00
Microsoft .NET Framework 4.5.2 Microsoft Corporation 10/13/2016 38.8 MB 4.5.51209
Microsoft IntelliPoint 8.2 Microsoft Corporation 8/11/2011 8.20.468.0
Microsoft Office Professional Plus 2010 Microsoft Corporation 10/30/2013 14.0.7015.1000
Microsoft Silverlight Microsoft Corporation 10/13/2016 299 MB 5.1.50901.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8/13/2011 300 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 6/15/2011 832 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 6/15/2011 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 6/20/2012 232 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 8/13/2011 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 6/15/2011 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 6/20/2012 224 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 8/13/2011 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/14/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/14/2015 15.0 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/14/2015 10.0.50903
MobileMe Control Panel Apple Inc. 11/20/2011 12.9 MB 3.1.8.0
Mozilla Firefox 28.0 (x86 en-US) Mozilla 4/4/2014 106 MB 28.0
Mozilla Maintenance Service Mozilla 4/4/2014 338 KB 28.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 7/13/2011 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 7/13/2011 1.33 MB 4.20.9876.0
On Screen Display 1/26/2015 6.73.01
Picasa 3 Google, Inc. 1/8/2012 3.8
Questionmark Secure Browser Questionmark Computing Ltd 9/24/2012 3.62 MB 5.3.0.4
QuickTime 7 Apple Inc. 3/6/2015 70.3 MB 7.76.80.95
RapidBoot Lenovo 6/15/2011 345 KB 1.00
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 6/15/2011 1.00
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 6/15/2011 1.00 MB 2.0.32.0
Rescue and Recovery Lenovo Group Limited 7/18/2011 99.9 MB 4.31.0010.00
RICOH_Media_Driver_v2.13.18.02 RICOH 6/15/2011 2.13.18.02
Search App by Ask 5/27/2015
Skype Click to Call Microsoft Corporation 10/19/2016 11.2 MB 8.3.0.9150
Skype™ 7.29 Skype Technologies S.A. 10/19/2016 85.2 MB 7.29.101
Spotify Spotify AB 12/15/2014 0.9.10.21.g22fbdb39
SpywareBlaster 5.0 BrightFort LLC 9/6/2013 8.83 MB 5.0.0
SUPERAntiSpyware SUPERAntiSpyware.com 10/17/2016 67.4 MB 6.0.1226
ThinkPad Bluetooth with Enhanced Data Rate Software Broadcom Corporation 6/15/2011 229 MB 6.4.0.1500
ThinkPad FullScreen Magnifier 1/26/2015 2.42
ThinkPad Power Management Driver 7/19/2011 1.62.00.00
ThinkPad Power Manager 2/17/2012 3.66
ThinkPad UltraNav Driver 7/19/2011 46.4 MB 15.3.6.0
ThinkPad UltraNav Utility Lenovo 6/15/2011 2.13.0
ThinkVantage Active Protection System Lenovo 6/15/2011 15.6 MB 1.73
ThinkVantage AutoLock Lenovo 6/15/2011 26.0 MB 1.01
ThinkVantage Communications Utility Lenovo 7/19/2011 12.3 MB 2.07
VIP Access Symantec Corporation 11/15/2012 32.9 MB 2.1.0.139
Visual Studio 2012 x64 Redistributables AVG Technologies 10/19/2016 12.9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 10/19/2016 10.5 MB 14.0.0.1
VLC media player 2.0.2 VideoLAN 7/7/2012 2.0.2
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) Intel 6/15/2011 12/21/2010 11.8.84.0
Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) Intel 6/15/2011 10/19/2010 7.0.0.1144
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) Intel 6/15/2011 09/10/2010 9.2.0.1011
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) Intel 7/18/2011 09/10/2010 9.2.0.1011
Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) Intel 6/15/2011 10/04/2010 9.2.0.1015
Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) Intel 6/15/2011 09/16/2010 9.2.0.1013
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) Lenovo 6/15/2011 11/11/2010 1.61.00.11
Windows Driver Package - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) Synaptics 6/15/2011 03/24/2011 15.2.19.0
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 6/15/2011 5.57 MB 15.4.5722.2
 
 
Really can't express enough how grateful I am for your help!
 
Best,
Jon


#7 buddy215

buddy215

  • Moderator
  • 13,314 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:17 AM

Posted 20 October 2016 - 05:25 PM

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Google Update Google Inc. "C:\Users\aurora.rivendale\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes HKLM:Run AppleSyncNotifier Apple Inc. C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office 2010\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run Dolby Home Theater v4 Dolby Laboratories Inc. "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe

Yes HKLM:Run Lenovo Registration Lenovo, Inc. C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe

Yes Task FinaleTermini c:\programdata\{dbcc7a2e-0e63-3a75-dbcc-c7a2e0e6e8b8}\6429910817093051759b.exe --startup=1 --single
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-1576773326-2744501341-4114683667-1009Core Google Inc. C:\Users\aurora.rivendale\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-1576773326-2744501341-4114683667-1009UA Google Inc. C:\Users\aurora.rivendale\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task MCP Lenovo Information Products (Shenzhen) Co.,Ltd "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
Yes Task PCDEventLauncher PC-Doctor, Inc. "C:\Program Files\PC-Doctor\sessionchecker.exe"
Yes Task SafeZone scheduled Autoupdate 1476916803 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Yes Task SUPERAntiSpyware Scheduled Task 00ca3157-1fea-4aa1-999e-2f369debbcc5 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:00ca3157-1fea-4aa1-999e-2f369debbcc5
Yes Task SUPERAntiSpyware Scheduled Task 60981e70-680d-4b68-99d6-5e9670bd28bb SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:60981e70-680d-4b68-99d6-5e9670bd28bb
 
Uninstall these programs:
Bonjour Apple Inc. 10/12/2011 2.00 MB 3.0.0.10
DivX Setup DivX, LLC 3/19/2012 2.6.1.8

Google Toolbar for Internet Explorer Google Inc. 10/12/2016 7.5.7619.1252

Mozilla Firefox 28.0 (x86 en-US) Mozilla 4/4/2014 106 MB 28.0 (UNinstall or UPdate....your choice)
Mozilla Maintenance Service Mozilla 4/4/2014 338 KB 28.0
Picasa 3 Google, Inc. 1/8/2012 3.8
QuickTime 7 Apple Inc. 3/6/2015 70.3 MB 7.76.80.95
Search App by Ask 5/27/2015
Skype Click to Call Microsoft Corporation 10/19/2016 11.2 MB 8.3.0.9150
SpywareBlaster 5.0 BrightFort LLC 9/6/2013 8.83 MB 5.0.0 (UNinstall or UPdate....your choice)
SUPERAntiSpyware SUPERAntiSpyware.com 10/17/2016 67.4 MB 6.0.1226 (SAS has lost the favor of Security pros)
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 6/15/2011 5.57 MB 15.4.5722.2
 
 
After completing the above and rebooting....tell me about any problem(s) still existing...
 
 
 

 


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 CincyJonBC

CincyJonBC
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:17 PM

Posted 20 October 2016 - 07:35 PM

Again, huge thanks!

 

I did all of the above, although I didn't remove Picasa because I believe she still uses it. Curious, is it something she should actively try to replace?

 

I saw you wrote SUPERAntiSpyware has fallen from grace. Is there another that is considered superior?

 

As for the laptop, I suspect you've done all you can do :) I think it may be faster though admittedly my experience with it has been pretty brief (thanks for responding to my posts so quickly, by the way!). Unless you have a suggestion for how to benchmark it, I assume we can consider the work done on this thing :)

 

As an aside, I'm certain my own personal computer could benefit from walking through this process with you. Would it be OK if I posted my own logs/information? This was really great!  HUGE thank you buddy215!!


Edited by CincyJonBC, 20 October 2016 - 07:35 PM.


#9 buddy215

buddy215

  • Moderator
  • 13,314 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:17 AM

Posted 20 October 2016 - 07:53 PM

You're welcome...

 

MBAM is an excellent choice.

 

Just keep in mind that Picasa is no longer supported. But I doubt it is much of a target for malware....unlike Adobe products and Java.

 

If you want to post scans for another computer here...sure. Post scans using MBAM, AdwCleaner and JRT after cleaning with CCleaner.



#10 CincyJonBC

CincyJonBC
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:17 PM

Posted 21 October 2016 - 04:51 PM

Thanks again! I should be able to run the scans within the next day or two.



#11 buddy215

buddy215

  • Moderator
  • 13,314 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:17 AM

Posted 21 October 2016 - 06:22 PM

Okay.....



#12 CincyJonBC

CincyJonBC
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:17 PM

Posted 22 October 2016 - 12:47 PM

Below are the scans for AdwCleaner, MBAM, and JRT, as well as the CCleaner lists of installed programs, startup programs, and scheduled tasks.

 

# AdwCleaner v6.030 - Logfile created 22/10/2016 at 12:58:38
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-22.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Jon - JON-PC
# Running from : C:\Users\Jon\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Jon\AppData\Local\28050
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\S-1-5-21-4152391674-1727212123-3376527446-1000\Software\SoftSuma
[#] Key deleted on reboot: HKCU\Software\SoftSuma
[#] Key deleted on reboot: [x64] HKCU\Software\SoftSuma
 
 
***** [ Web browsers ] *****
 
[-] Chrome preferences cleaned: "CT3311875.FF19Solved" -  "true"
[-] Chrome preferences cleaned: "CT3311875.UserID" -  "UN13653503011975273"
[-] Chrome preferences cleaned: "CT3311875.browser.search.defaultthis.engineName" -  "true"
[-] Chrome preferences cleaned: "CT3311875.fullUserID" -  "UN13653503011975273.IN.20131116180019"
[-] Chrome preferences cleaned: "CT3311875.installDate" -  "16/11/2013 18:00:24"
[-] Chrome preferences cleaned: "CT3311875.installSessionId" -  "{978060D5-CF44-41F3-9037-3098F3895A0D}"
[-] Chrome preferences cleaned: "CT3311875.installSp" -  "TRUE"
[-] Chrome preferences cleaned: "CT3311875.installerVersion" -  "1.8.1.4"
[-] Chrome preferences cleaned: "CT3311875.keyword" -  "true"
[-] Chrome preferences cleaned: "CT3311875.originalHomepage" -  "about:home"
[-] Chrome preferences cleaned: "CT3311875.originalSearchAddressUrl" -  ""
[-] Chrome preferences cleaned: "CT3311875.originalSearchEngine" -  ""
[-] Chrome preferences cleaned: "CT3311875.originalSearchEngineName" -  ""
[-] Chrome preferences cleaned: "CT3311875.searchRevert" -  "false"
[-] Chrome preferences cleaned: "CT3311875.searchUninstallUserMode" -  "2"
[-] Chrome preferences cleaned: "CT3311875.searchUserMode" -  "2"
[-] Chrome preferences cleaned: "CT3311875.toolbarInstallDate" -  "16-11-2013 18:00:19"
[-] Chrome preferences cleaned: "CT3311875.versionFromInstaller" -  "10.22.3.18"
[-] Chrome preferences cleaned: "CT3311875.xpeMode" -  "0"
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3164 Bytes] - [22/10/2016 12:58:38]
C:\AdwCleaner\AdwCleaner[R0].txt - [4156 Bytes] - [21/06/2015 11:06:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [4285 Bytes] - [21/06/2015 12:01:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [4880 Bytes] - [22/10/2016 12:58:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3456 Bytes] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/22/2016
Scan Time: 1:08 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.22.05
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366885
Time Elapsed: 23 min, 37 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.ConduitTB.Gen, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\nvc8cm0n.default\CT3311875, Quarantined, [8eaf96065f3bfe38126d943128dacb35], 
 
Files: 2
PUP.Optional.ConduitTB.Gen, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\nvc8cm0n.default\CT3311875\CT3311875.fullUserID, Quarantined, [8eaf96065f3bfe38126d943128dacb35], 
PUP.Optional.ConduitTB.Gen, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\nvc8cm0n.default\CT3311875\CT3311875.UserID, Quarantined, [8eaf96065f3bfe38126d943128dacb35], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Jon (Administrator) on Sat 10/22/2016 at 13:37:02.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 63 
 
Successfully deleted: C:\Users\Jon\AppData\Local\{056A819A-8643-43CE-B81C-8ED934CA036A} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{05C0D2AD-86FE-4F1C-AC72-B5FBC5DF3E96} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{097B2AAB-E695-4A73-B1AE-83F1C137C208} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{0B710885-0440-409B-A274-1C24319AAC18} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{148F81E9-A4A2-4A25-8435-D361FDEEBAB4} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{1C5BF603-F5A3-4551-BEEA-7BE19CEE9ED8} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{271E8746-05DB-4B1D-832A-B41E1B95B135} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{303D6721-1322-403F-8FCB-6AC6EEFC814A} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{39180CE9-5D91-4868-9C8D-720DD0A2ECC6} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{3CE378A2-100E-4B1A-8712-C5E7E158F53B} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{437275E4-464D-4644-A08E-05654E1A6DA8} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{43D27E13-ADE4-442F-AE8C-86E562C49DA3} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{451463F0-FCD0-4EC9-89EB-1DFE153DCD3E} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{4F14A352-AE24-40CA-8B99-27742EB67744} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{53D5319C-1ED1-4BC3-8FDD-7699A7055F5A} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{5FFBE4CD-F5CE-475B-91BB-751A06983968} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{65D26C76-943B-4E30-8B18-624670C62050} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{6AF76ABC-71A6-48B3-908C-B4AA2EDBDFED} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{708676DA-6120-45E9-BEEF-1C38F026B7B1} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{7143BD50-8DD6-4703-AA88-CC5D7FBEE857} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{71895B21-F350-411E-AC0A-7DD85931AE28} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{78B74AD1-5714-41E6-9F21-708C072FD880} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{855D46C3-4063-4134-90A9-3F8B28A9CF6D} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{857B50EA-C6DA-4B53-AEC3-E094B6CA5F54} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{940A4640-96D5-4786-B6B8-01D51FDDB700} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{98891CB5-2C24-44B1-9851-1114DFF5189D} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{9C039E55-7645-4EA0-86F0-94C52AF88ADB} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{9CCE56F2-6696-4A6C-BDF4-88C1B199FA55} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{9DECAD3E-41B4-405E-9A4E-7D5B2880F94C} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{9FD07EEC-4B44-483B-9BB2-546821E4A697} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{A93E9876-0B8F-43B9-B86D-70C103058C42} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{A9B217BB-00E0-435F-B5B2-4F657B94BE09} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{AEEF8037-5943-44D7-9BB0-F821FA971AC6} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{B7ED010A-E7EC-400C-9815-47A521B61E27} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{C2D291F7-F7D9-4636-8DAA-E3E7E9B5DB29} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{CDA1F95C-3599-41ED-A160-0C2DFC99C3E0} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{E80FA4A1-8DB6-47F9-BFCB-A13A24B4E8E4} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{EBF25FBC-EF20-44DA-9D46-FE30760EAABA} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{EE3DAB6C-72F4-4F38-B923-701EA294E748} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{EF3D73DB-69D2-4550-9207-59BA4A340402} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{EFA08596-4207-4E11-9866-7DF7D46E6F91} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{F35B219D-7116-4F5A-BE68-DB9EC2CFBA63} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{F527B050-739D-4DED-90DA-DB039C614D4D} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{F660E22F-8065-4C64-85D4-7EDFB8B72E9D} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{F9116122-85A5-427C-98C8-355B1350A50B} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Local\{FF11C615-5DFE-4D06-A937-AD3CCF663327} (Empty Folder)
Successfully deleted: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\nvc8cm0n.default\extensions\trash (Folder) 
Successfully deleted: C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY4LKESG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUOADY1W (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F6766VBI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R26PGXER (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY4LKESG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUOADY1W (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F6766VBI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R26PGXER (Temporary Internet Files Folder) 
 
Deleted the following from C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\nvc8cm0n.default\prefs.js
user_pref(browser.search.defaultenginename, SweetTunes Search);
user_pref(browser.search.selectedEngine, SweetTunes Search);
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/22/2016 at 13:40:39.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Installed Programs:
 
7-Zip 9.20
7-Zip 9.38 (x64 edition) Igor Pavlov 3/11/2015 47.7 MB 9.38.00.0
Adobe AIR Adobe Systems Incorporated 12/9/2011 3.1.0.4880
Adobe Digital Editions 4.5 Adobe Systems Incorporated 4.5.2
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 19.0.0.245
Adobe Flash Player 22 ActiveX Adobe Systems Incorporated 22.0.0.210
Adobe Reader 9.5.2 Adobe Systems Incorporated 8/24/2012 103 MB 9.5.2
Amazon MP3 Downloader 1.0.15 Amazon Services LLC 1.0.15
Amazon Music Importer Amazon Services LLC 8/5/2013 2.1.0
Anki
AOMEI Backupper Standard AOMEI Technology Co., Ltd. 8/15/2015
Apple Application Support (32-bit) Apple Inc. 9/28/2015 114 MB 4.0.3
Apple Application Support (64-bit) Apple Inc. 9/28/2015 121 MB 4.0.3
Apple Mobile Device Support Apple Inc. 9/28/2015 28.0 MB 9.0.0.26
Apple Software Update Apple Inc. 9/28/2015 2.40 MB 2.1.4.131
ASIO4ALL Michael Tippach 2.13
Audacity 2.1.0 Audacity Team 8/18/2015 2.1.0
AudibleManager Audible, Inc. 2004889571.48.56.35261674
Bonjour Apple Inc. 9/28/2015 2.01 MB 3.1.0.1
Camtasia Studio 8 TechSmith Corporation 6/8/2016 399 MB 8.6.0.2056
Canon MP Navigator EX 1.0
Canon MP470 series
CanoScan LiDE 110 Scanner Driver
CCleaner Piriform 5.20
CDBurnerXP CDBurnerXP 7/31/2014 4.5.4.4954
Citrix Online Launcher Citrix 5/20/2016 296 KB 1.0.408
Citrix Receiver Citrix Systems, Inc. 13.1.200.22
Combined Community Codec Pack 2010-10-10 CCCP Project 4/11/2011 2010.10.10.0
CrystalDiskInfo 7.0.0 Crystal Dew World 7/30/2016 7.0.0
Data Lifeguard Diagnostic for Windows 1.28 Western Digital Corporation 6/21/2015
Dropbox Dropbox, Inc. 9.4.49
Dual-Core Optimizer AMD 7/21/2012 86.0 KB 1.1.4.0169
DVD Decrypter (Remove Only)
DVD Shrink 3.2 DVD Shrink
Evernote v. 6.3.3 Evernote Corp. 9/30/2016 225 MB 6.3.3.3502
EVGA Precision 2.0.0 EVGA Corporation 2.0.0
f.lux
FEZ Polytron Corporation
FFmpeg (Windows) for Audacity version 2.2.2 9/21/2016 2.2.2
Fitbit Connect Fitbit Inc. 6/21/2014 7.04 MB 1.0.3.5511
Google Chrome Google Inc. 4/10/2011 53.0.2785.143
Google Photos Backup Google, Inc. 1.1.2.13
Google Talk Plugin Google 1/7/2016 15.1 MB 5.41.3.0
Google+ Auto Backup Google 1/12/2014 6.76 MB 1.0.21.81
GoToMeeting 7.17.0.4911 CitrixOnline 7.17.0.4911
Gunpoint version v1.1 12/17/2014 v1.1
HandBrake 0.9.9.1 0.9.9.1
HitmanPro 3.7 SurfRight B.V. 6/21/2015 3.7.9.242
Home - A Unique Horror Adventure
ImgBurn LIGHTNING UK! 11/16/2013 2.5.8.0
Inkscape 0.91 inkscape.org 3/28/2016 290 MB 0.91
iTunes Apple Inc. 9/28/2015 218 MB 12.3.0.44
Java 8 Update 31 Oracle Corporation 3/1/2015 6.07 MB 8.0.310
K-Lite Codec Pack 10.6.0 Full 7/21/2014 10.6.0
LAME v3.99.3 (for Windows) 8/18/2015
Lara Croft and the Guardian of Light Crystal Dynamics
Lectora Inspire 16 Trivantis 16.1.1
LG USB Modem driver
Lightworks Lightworks 10.0.22.0
MakeMKV v1.8.10 GuinpinSoft inc v1.8.10
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 10/22/2016 2.2.1.1043
Microsoft .NET Framework 4.6.1 Microsoft Corporation 7/13/2016 4.6.01055
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 10/16/2012 31.3 MB 3.5.92.0
Microsoft Games for Windows Marketplace Microsoft Corporation 10/16/2012 6.03 MB 3.5.50.0
Microsoft Lync Web App Plug-in Microsoft Corporation 6/10/2016 23.5 MB 15.8.8308.920
Microsoft Mouse and Keyboard Center Microsoft Corporation 8/25/2015 2.5.166.0
Microsoft Office Professional Plus 2010 Microsoft Corporation 10/12/2016 14.0.7015.1000
Microsoft OneNote Home and Student 2016 - en-us Microsoft Corporation 16.0.7369.2038
Microsoft Security Essentials Microsoft Corporation 9/27/2016 4.10.205.0
Microsoft Silverlight Microsoft Corporation 10/12/2016 597 MB 5.1.50901.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 5/7/2011 1.69 MB 3.1.0000
Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Corporation 6/27/2015 3.39 MB 3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft Corporation 6/27/2015 4.51 MB 3.5.8080.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 5/4/2011 250 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/23/2011 2.62 MB 8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 4/16/2011 210 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 4/19/2011 790 KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 12/8/2013 1.42 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 4/11/2011 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 7/21/2012 230 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 11/13/2011 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 7/26/2013 1.41 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 7/21/2012 588 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 7/21/2012 586 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/28/2012 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/15/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/15/2015 15.0 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 12.0.21005.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/15/2015 10.0.50903
Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 5/14/2011 7.55 MB 3.1.10527.0
Microsoft XNA Framework Redistributable 4.0 Refresh Microsoft Corporation 12/22/2013 8.03 MB 4.0.30901.0
Mozilla Firefox 49.0.2 (x86 en-US) Mozilla 49.0.2
Mozilla Maintenance Service Mozilla 49.0.2.6136
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 6/25/2012 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 6/25/2012 1.33 MB 4.20.9876.0
NVIDIA 3D Vision Controller Driver 301.42 NVIDIA Corporation 7/21/2012 301.42
NVIDIA 3D Vision Driver 311.06 NVIDIA Corporation 4/14/2013 311.06
NVIDIA Drivers NVIDIA Corporation 1.7
NVIDIA Graphics Driver 311.06 NVIDIA Corporation 4/14/2013 311.06
NVIDIA HD Audio Driver 1.3.16.0 NVIDIA Corporation 7/21/2012 1.3.16.0
NVIDIA PhysX System Software 9.12.0213 NVIDIA Corporation 7/21/2012 9.12.0213
NVIDIA Update 1.11.3 NVIDIA Corporation 4/14/2013 1.11.3
Oasis2Service DDNi 6/27/2015 5.51 MB 1.0.4
One Finger Death Punch Silver Dollar Games
OneClickdigital Media Manager Recorded Books 1/20/2016 19.0 MB 67.0.0.0
OpenAL
OverDrive for Windows OverDrive, Inc. 4/1/2015 9.00 MB 3.4.1
paint.net dotPDN LLC 10/14/2016 28.3 MB 4.0.12
Papers, Please 3909
PDF-Viewer Tracker Software Products Ltd 10/19/2013 2.5.212.0
Picasa 3 Google, Inc. 3.9
PunkBuster Services Even Balance, Inc. 0.986
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 8/18/2015 6.0.1.5859
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 1.5.49.0
SeaTools for Windows 1.4.0.2 Seagate Technology 1.4.0.2
Skype™ 7.24 Skype Technologies S.A. 5/28/2016 140 MB 7.24.104
Snagit 12 TechSmith Corporation 6/8/2016 118 MB 12.4.1
Snagit 13 TechSmith Corporation 7/18/2016 13.0.1.6326
Soluto Soluto 3/25/2014 40.5 MB 1.3.1494.0
Speccy Piriform 1.28
Spotify Spotify AB 7/31/2014 0.9.11.27.g2b1a638c
Spybot - Search & Destroy Safer Networking Limited 4/11/2011 1.6.2
SUABnR Samsung Electronics Co., Ltd. 5/24/2015 1.1.0.13103_1
Sublime Text 2.0.2 11/3/2015
SumatraPDF Krzysztof Kowalczyk 1.4
Switch Sound File Converter NCH Software
Trine 2 Frozenbyte
Unity Web Player Unity Technologies ApS
Verizon Wireless Software Upgrade Assistant - Samsung(ar) Samsung Electronics Co., Ltd. 5/24/2015 38.1 MB 2.15.0401
Verizon Wireless Software Utility Application for Android - Samsung Samsung Electronics Co., Ltd. 5/24/2015 13.5 MB 2.14.1202
VLC media player VideoLAN 2.2.4
WinDirStat 1.1.2
Windows Live Essentials Microsoft Corporation 5/7/2011 15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 5/7/2011 5.57 MB 15.4.5722.2
Zero-Click version 1.3 AgaMatrix 1/27/2016 1.3
µTorrent BitTorrent Inc. 3.4.6.42178
 
Startup Programs
 
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run f.lux Flux Software LLC "C:\Users\Jon\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
No HKCU:Run GameFly Download Manager "C:\Users\Jon\AppData\Local\Apps\2.0\3XHOMPKQ.MGC\TPCYXY9N.M0C\game..tion_2b523ae39a779562_0001.0000_8a34b578af7aefe3\GameFly.Digital.Client.Driver.exe" -minimized
Yes HKCU:Run Google Photos Backup Google, Inc "C:\Users\Jon\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
Yes HKCU:Run Google Update Google Inc. "C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
No HKCU:Run Steam "C:\Program Files (x86)\Steam\Steam.exe" -silent
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes HKLM:Run amd_dc_opt AMD C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run ConnectionCenter Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run itype "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
Yes HKLM:Run MSC Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
No HKLM:Run QuickTime Task "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Yes HKLM:Run Skytel Realtek Semiconductor Corp. C:\Program Files\Realtek\Audio\HDA\Skytel.exe
No HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
No Startup User EvernoteClipper.lnk Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 C:\PROGRA~2\Evernote\Evernote\EVERNO~2.EXE 
No Startup User GameStop Now.lnk C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
 
 
Scheduled Tasks
 
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskUserS-1-5-21-4152391674-1727212123-3376527446-1000Core1d149b5d0a8f910 Google Inc. C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-4152391674-1727212123-3376527446-1000UA1d149b5d102b1d0 Google Inc. C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task TechSmith Updater TechSmith Corporation C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe all
 
 
Thanks again!


#13 buddy215

buddy215

  • Moderator
  • 13,314 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:17 AM

Posted 22 October 2016 - 02:21 PM

Adobe programs are malware magnets....especially when not updated with the latest security updates. Consider either uninstalling or updating...especially Reader and Flash.

Adobe AIR Adobe Systems Incorporated 12/9/2011 3.1.0.4880
Adobe Digital Editions 4.5 Adobe Systems Incorporated 4.5.2
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 19.0.0.245
Adobe Flash Player 22 ActiveX Adobe Systems Incorporated 22.0.0.210
Adobe Reader 9.5.2 Adobe Systems Incorporated 8/24/2012 103 MB 9.5.2
 
Uninstall these programs:
Java 8 Update 31 Oracle Corporation 3/1/2015 6.07 MB 8.0.310
Spybot - Search & Destroy Safer Networking Limited 4/11/2011 1.6.2
Windows Live Essentials Microsoft Corporation 5/7/2011 15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 5/7/2011 5.57 MB 15.4.5722.2
µTorrent BitTorrent Inc. 3.4.6.42178 (Most free stuff downloaded using uTorrent contains malware and/or adware...some of the worst)
 
Suggest disabling these Windows Startups:
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Google Photos Backup Google, Inc "C:\Users\Jon\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
Yes HKCU:Run Google Update Google Inc. "C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run ConnectionCenter Citrix Systems, Inc. "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
 
Disable these Tasks:
Yes Task GoogleUpdateTaskUserS-1-5-21-4152391674-1727212123-3376527446-1000UA1d149b5d102b1d0 Google Inc. C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task TechSmith Updater TechSmith Corporation C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe all
 
After completing above...Please let me know of any problems after reboot.
 

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 CincyJonBC

CincyJonBC
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:17 PM

Posted 27 October 2016 - 12:02 PM

Everything is great. Thanks so much buddy215!



#15 buddy215

buddy215

  • Moderator
  • 13,314 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:17 AM

Posted 27 October 2016 - 12:59 PM

Good...you're welcome...happy surfin'





