
aa_patch in msconfig


  • This topic is locked
16 replies to this topic

#1 pkight

  • Members
  • 29 posts
  • OFFLINE
  • Gender: Male
  • Location: Murrieta, CA
  • Local time: 04:45 AM

Posted 31 October 2016 - 05:54 PM

MS Essentials found two Trojans and removed them a couple of weeks ago but ever since then something is eating up my cpu usage and memory. I also noted something new in my msconfig (I'm using Vista) about the same time - aa_patch which I immediately disabled.  Is that something to be worried about and if so how do I get rid of it?

 

Thanks.

 

Pat





#2 buddy215

  • BC Advisor
  • 12,877 posts
  • ONLINE
  • Gender: Male
  • Location: West Tennessee
  • Local time: 07:45 AM

Posted 01 November 2016 - 09:47 AM

Welcome to BC...

 

One trojan that is mentioned using aaPatch is ransomware. Are you able to view your personal files?

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 pkight


Posted 01 November 2016 - 05:54 PM

Here's the log after running Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/1/2016
Scan Time: 3:12:13 PM
Logfile: MBAM 11.1.16.txt
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2016.11.01.13
Rootkit Database: v2016.10.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Pat
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320547
Time Elapsed: 1 hr, 0 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Should I delete the quarantined items (852)?


#4 pkight


Posted 01 November 2016 - 08:25 PM

After AdwCleaner:

 

# AdwCleaner v6.030 - Logfile created 01/11/2016 at 16:52:28
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-01.2 [Server]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : Pat - PAT-PC
# Running from : C:\Users\Pat\Documents\Documents\Documents\Downloads\AdwCleaner (2).exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files\Fun2Save
[-] Folder deleted: C:\Program Files\FunDeaals
[-] Folder deleted: C:\Program Files\NeewSaver
[-] Folder deleted: C:\ProgramData\webbsave
[#] Folder deleted on reboot: C:\ProgramData\Application Data\webbsave
[-] Folder deleted: C:\Program Files\webbsave
[-] Folder deleted: C:\ProgramData\3f5d0e29b426a7e1
[-] Folder deleted: C:\ProgramData\DigICoupon
[-] Folder deleted: C:\ProgramData\SearchNewTab
[#] Folder deleted on reboot: C:\ProgramData\webbsave
[-] Folder deleted: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkfpkigaimphgjenajngdpjndhgaolef
[-] Folder deleted: C:\Users\Pat\AppData\Local\Astromenda
[-] Folder deleted: C:\Users\Pat\AppData\LocalLow\HPAppData
[-] Folder deleted: C:\Users\Pat\AppData\Roaming\Solvusoft
[-] Folder deleted: C:\Users\Pat\AppData\Roaming\wse_astromenda
[-] Folder deleted: C:\Users\Pat\AppData\Roaming\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Users\Pat\AppData\Roaming\WSE_Astromenda
[-] Folder deleted: C:\ProgramData\Solvusoft
[-] Folder deleted: C:\ProgramData\WinterSoft
[-] Folder deleted: C:\ProgramData\Yahoo! Companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Solvusoft
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WinterSoft
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[#] Folder deleted on reboot: C:\Program Files\Fun2Save
[-] Folder deleted: C:\Program Files\TotalSystemCare
[-] Folder deleted: C:\Program Files\wse_astromenda
[-] Folder deleted: C:\Program Files\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Program Files\WSE_Astromenda
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Pat\AppData\Local\Microsoft\Internet Explorer\DOMStore\1754TAKP\www.citysearch[1].xml
[-] File deleted: C:\Program Files\Yahoo!\Common\unyt.exe
[-] File deleted: C:\prefs.js
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: WSE_Astromenda
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetup_B-r514-t-bc.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetup_D-r514-t-bc.exe
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\citysearch.com
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4BC547A2-58C0-7F30-3641-D11E4EBCAC29}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{4BC547A2-58C0-7F30-3641-D11E4EBCAC29}
[-] Key deleted: HKLM\SOFTWARE\Classes\Fun2SAve.Fun2SAve
[-] Key deleted: HKLM\SOFTWARE\Classes\Fun2SAve.Fun2SAve.4.5
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Updater Service for StartNow Toolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt
[-] Key deleted: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ProjectServerObjects.SPSTextTranslator
[-] Key deleted: HKLM\SOFTWARE\Classes\ProjectServerObjects.SPSTextTranslator.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\PSActivityPanes.PSTextPane
[-] Key deleted: HKLM\SOFTWARE\Classes\PSActivityPanes.PSTextPane.1
[-] Key deleted: HKLM\SOFTWARE\Classes\PSActivityPanes.SPSTextGDIPane
[-] Key deleted: HKLM\SOFTWARE\Classes\PSActivityPanes.SPSTextGDIPane.1
[-] Key deleted: HKLM\SOFTWARE\Classes\PSSourcePanes.SPSTextSourcePane
[-] Key deleted: HKLM\SOFTWARE\Classes\PSSourcePanes.SPSTextSourcePane.1
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\AVG Security Toolbar
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\BRS
[-] Key deleted: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key deleted: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Astromenda
[-] Key deleted: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-598873941-3244639055-2830076859-1000\Software\AVG Security Toolbar
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-598873941-3244639055-2830076859-1000\Software\FBSearch
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-598873941-3244639055-2830076859-1000\Software\StartNow Toolbar
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\BRS
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Astromenda
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key deleted: HKU\S-1-5-21-598873941-3244639055-2830076859-1000\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\BRS
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\FBSearch
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\iLivid
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Search Protection
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\jZipShell.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\jZip
[-] Value deleted: HKLM\SOFTWARE\RegisteredApplications [jZip]
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [16969 Bytes] - [01/11/2016 16:52:28]
C:\AdwCleaner\AdwCleaner[R0].txt - [12287 Bytes] - [28/04/2014 08:39:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [12320 Bytes] - [28/04/2014 08:42:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [16191 Bytes] - [01/11/2016 16:02:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [17265 Bytes] ##########


#5 buddy215


Posted 01 November 2016 - 08:35 PM

Please check the settings for MBAM and Enable Rootkits...it presently shows Disabled. Run another scan after Enabling the scan for Rootkits.

 

Again....Are you able to view your private documents?

 

Yes...you can delete the MBAM quarantined items but I would really like to see what was quarantined.

 

Restart MBAM

  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the Date and time of the scan that showed the infections.

  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.



#6 pkight


Posted 02 November 2016 - 11:53 AM

Yes I can still access all my personal files.

 

I can't seem to copy the quarantined files to post here.  Suggestions?

 

Here's the JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows Vista ™ Home Premium x86 
Ran by Pat (Administrator) on Tue 11/01/2016 at 18:30:40.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 65 
 
Failed to delete: C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CW9C421 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LMYNOJY (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UK6UE4J (Temporary Internet Files Folder) 
Successfully deleted: C:\ProgramData\ad-aware browsing protection (Folder) 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Pat\AppData\Local\adawarebp (Folder) 
Successfully deleted: C:\Users\Pat\Appdata\LocalLow\AVGTOOLBAR (Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K4MYKNTE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCN7T71E (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFIED72Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3CCLFLJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXL4X8FR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXQX0DT0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEXUGJB8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TU0467CX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5㎂9CK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY0UPHR8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VP5VXA7P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VXVT6OUL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDN3ZV9J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YY08IEFV (Temporary Internet Files Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\37534938 (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D6F180CB-E683-41A3-8CD2-C53DBAA0530D} (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{550E1B41-2599-4d9d-BD95-02002888AC9A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/01/2016 at 18:39:29.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 buddy215


Posted 02 November 2016 - 12:25 PM

Perhaps (852 items) the MBAM log is too big. Suggest attempting to copy half at a time.

 

After posting the Eset Online scan results....do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 02 November 2016 - 06:55 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#8 pkight


Posted 02 November 2016 - 05:31 PM

I ran the ESET scan and it appears to have finished but it simply displays the advertising header with no additional info.  Could it still be processing?  When it was scanning the files the progress bar moved across the screen as it normally does.

 

I sure appreciate you taking time to help me out.

 

Pat



#9 pkight


Posted 02 November 2016 - 05:50 PM

ESET posted this to the notepad.  Don't know if it's anything important.

 



#10 buddy215


Posted 02 November 2016 - 06:55 PM

If Eset doesn't find anything....then there is no log.

 

Please go ahead with the directions in my last post.




#11 pkight


Posted 03 November 2016 - 07:28 AM

Startup menu:

 

No HKCU:Run Amazon Music Amazon Services LLC "C:\Users\Pat\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
No HKCU:Run Crypted C:\Users\Pat\AppData\Local\Temp\a.txt
No HKCU:Run Dell DataSafe Scheduler "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
No HKCU:Run DellSupport Gteko Ltd. "C:\Program Files\DellSupport\DSAgnt.exe" /startup
Yes HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
No HKCU:Run GarminExpressTrayApp Garmin Ltd or its subsidiaries "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
No HKCU:Run Google Update Google Inc. "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
No HKCU:Run HP Photosmart 6520 series (NET) Hewlett-Packard Co. "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29D1534V05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
No HKCU:Run ISUSPM Macrovision Corporation "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
No HKCU:Run SpybotSD TeaTimer Safer-Networking Ltd. C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
No HKCU:Run StartCCC C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
No HKCU:Run SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
No HKCU:Run swg Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe
No HKCU:Run Yahoo! Pager "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
No HKLM:Run Ad-Aware Browsing Protection "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
No HKLM:Run AdAwareTray Lavasoft Limited "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
No HKLM:Run AppleSyncNotifier Apple Inc. C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run Carbonite Backup Carbonite, Inc. C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
No HKLM:Run Dell DataSafe Online Dell Inc. "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
No HKLM:Run DellSupportCenter SupportSoft, Inc. "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
No HKLM:Run dscactivate "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
No HKLM:Run ECenter C:\Dell\E-Center\EULALauncher.exe
No HKLM:Run Google Desktop Search Google "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
No HKLM:Run HP Software Update Hewlett-Packard C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
No HKLM:Run hpqSRMon Hewlett-Packard C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
No HKLM:Run ISUSPM Startup Macrovision Corporation C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
No HKLM:Run ISUSScheduler Macrovision Corporation "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
No HKLM:Run RoxWatchTray Sonic Solutions "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
No HKLM:Run RtHDVCpl Realtek Semiconductor RtHDVCpl.exe
No HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
No HKLM:Run TkBellExe RealNetworks, Inc. "c:\program files\real\realplayer\Update\realsched.exe" -osboot
Yes HKLM:Run Windows Defender Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Yes HKLM:Run Windows Mobile Device Center Microsoft Corporation %windir%\WindowsMobile\wmdc.exe
No Startup Common aa_patch.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\aa_patch.exe
No Startup Common Desktop Manager.lnk Research In Motion Limited C:\PROGRA~1\RESEAR~1\BLACKB~1\DESKTO~1.EXE 
No Startup Common Digital Line Detect.lnk Avanquest Software C:\PROGRA~1\DIGITA~1\DLG.exe 
No Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe 
No Startup Common hpoddt01.exe.lnk Hewlett-Packard C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe 
No Startup Common WinZip Quick Pick.lnk C:\PROGRA~1\WinZip\WZQKPI~1.EXE 
Yes Startup User bccb5d.lnk Microsoft Corporation C:\Windows\system32\mshta.exe
Yes Startup User d921d0.lnk Microsoft Corporation C:\Windows\System32\cmd.exe
Yes Startup User OneNote 2007 Screen Clipper and Launcher.lnk Microsoft Corporation C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
No Startup User Stickies.lnk C:\Program Files\Stickies\stickies.exe 
 
Scheduled Tasks:
 
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Carbonite Upgrade Check "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000 Google Inc. C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000Core Google Inc. C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000UA Google Inc. C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCustParticipation HP Photosmart 6520 series Hewlett-Packard Co. "C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe" /UA 10.5 /DDV 0x0b05
Yes Task RealPlayerRealUpgradeLogonTaskS-1-5-21-598873941-3244639055-2830076859-1000 RealNetworks, Inc. C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-598873941-3244639055-2830076859-1000 RealNetworks, Inc. C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task RealUpgradeLogonTaskS-1-5-21-598873941-3244639055-2830076859-1000 RealNetworks, Inc. C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealUpgradeScheduledTaskS-1-5-21-598873941-3244639055-2830076859-1000 RealNetworks, Inc. C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0)
Yes Task {B508F217-138C-48EB-9D03-FF866B98E7D9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\INFOGR
 
Installed:
 
1.0 www.thetetrisgame.com 11/6/2010 1.64 MB
Ad-Aware Antivirus Lavasoft 4/18/2014 43.2 MB 11.1.5354.0
Adobe Flash Player 23 ActiveX Adobe Systems Incorporated 10/26/2016 23.0.0.205
Adobe Flash Player 23 NPAPI Adobe Systems Incorporated 10/26/2016 23.0.0.205
Adobe Reader X (10.1.16) Adobe Systems Incorporated 10/23/2015 10.1.16
Adobe Shockwave Player Adobe Systems, Inc. 3/22/2009 17.0 MB 11
Amazon Music Amazon Services LLC 8/23/2016 197 MB 4.3.2.1367
AnyTrans 4.7.5 iMobie Inc. 12/20/2015 46.4 MB 4.7.5
Apple Application Support Apple Inc. 2/2/2012 61.2 MB 2.1.5
Apple Mobile Device Support Apple Inc. 7/21/2008 41.5 MB 2.0.0.33
Apple Software Update Apple Inc. 2/2/2012 2.38 MB 2.1.3.127
ATI Catalyst Control Center 11/26/2007 24.0 KB 1.007.2007.0318
Backgammon Classic 7.1 Microsys Com Ltd. 5/9/2009 6.61 MB
Bing Bar Microsoft Corporation 4/2/2014 787 KB 7.3.132.0
BlackBerry Desktop Software 4.3 Research In Motion Ltd. 4/25/2014 46.6 MB 4.3.0.17
Bonjour Apple Inc. 7/1/2008 477 KB 1.0.104
Bridge From Special K 10/23/2008 6.90 MB
Bridge From Special K (C:\Program Files\Bridge From Special K\) 10/23/2008 6.90 MB
Browser Address Error Redirector Dell 11/26/2007 1.00.0000
Callarama System 12/17/2011 13.1 MB
Canon Camera Access Library Canon 12/16/2007 8.0.0.21
Canon Camera Support Core Library Canon 12/16/2007 7.3.0.4
Canon Camera Window DC_DV 5 for ZoomBrowser EX Canon 12/16/2007 5.4.4
Canon Camera Window DC_DV 6 for ZoomBrowser EX Canon 12/16/2007 6.0
Canon Camera Window DSLR 5 for ZoomBrowser EX Canon 12/16/2007 5.3.1
Canon Camera Window MC 6 for ZoomBrowser EX Canon 12/16/2007 6.0
Canon MovieEdit Task for ZoomBrowser EX Canon 12/16/2007 2.1.0.20
Canon PhotoRecord Cisra 12/16/2007 80.4 MB 02.02.03002
Canon RAW Image Task for ZoomBrowser EX Canon 12/16/2007 6.85 MB 2.2
Canon Utilities PhotoStitch 3.1 Canon 12/16/2007 5.19 MB 3.1.16
Canon ZoomBrowser EX (E) Canon 12/16/2007 29.3 MB 5.05.0000
Carbonite Carbonite 6/26/2016 19.7 MB 5.8.9 build 6256 (May-19-2016)
CCleaner Piriform 11/1/2016 9.89 MB 5.23
Chinese Simplified Fonts Support For Adobe Reader X Adobe Systems Incorporated 11/22/2013 86.6 MB 10.0.0
Citrix Online Launcher Citrix 6/4/2014 266 KB 1.0.183
Click 2 Crop 4.8 Boris A. Glazer 10/3/2014 4.33 MB
Conexant D850 PCI V.92 Modem 11/26/2007 680 KB
datasafeupdate Dell, Inc. 9/14/2008 256 KB 1.00.0000
Dell DataSafe Online Dell, Inc. 12/4/2009 4.97 MB 1.2.0009
Dell Getting Started Guide Dell Inc. 11/26/2007 1.00.0000
Dell Support Center (Support Software) Dell 10/15/2009 2.2.09085
DellSupport Dell 11/26/2007 6.0.3075
DeLorme Street Atlas USA 2008 Plus DeLorme Publishing, Inc. 12/30/2007 1.99 GB 1.0.2008
Digital Line Detect BVRP Software, Inc 11/26/2007 272 KB 1.21
Dirt Track Racing 2 3/22/2009 3.43 MB
EarthLink Setup Files EarthLink, Inc. 11/26/2007 2005.2.178.0.2.2
Farkle 3.0.13.10 12/9/2011 2.54 MB
Fast Browser Search Protection Make The Web Better, LLC 12/23/2008 724 KB 2.0
Garmin Express Garmin Ltd or its subsidiaries 2/21/2014 860 KB 2.4.6.0
Google Chrome Google Inc. 4/16/2009 105 MB 49.0.2623.112
Google Desktop Google 11/26/2007 8.57 MB -
Google Earth Google 8/21/2016 179 MB 7.1.5.1557
Google Toolbar for Internet Explorer Google Inc. 7/1/2016 12.8 MB 7.5.7619.1252
Google Updater Google Inc. 9/16/2011 3.96 MB 2.4.2432.1652
GoToAssist 8.0.0.480 12/13/2007 3.27 MB
GoToAssist Customer 2.2.0.758 Citrix Online 10/3/2014 16.7 MB 2.2.0.758
Hoyle Card Games 2005 Encore, Inc. 3/5/2008 516 MB 1.2.0.0
HP Customer Participation Program 10.0 HP 10/23/2008 10.0
HP Document Manager 1.0 HP 10/23/2008 3.20 MB 1.0
HP Imaging Device Functions 10.0 HP 10/23/2008 3.21 MB 10.0
HP Memories Disc Hewlett-Packard Company 4/24/2008 22.6 MB 1.0.4.805
HP Photo Creations HP 2/21/2013 2.78 MB 1.0.0.7702
HP Photosmart 6520 series Basic Device Software Hewlett-Packard Co. 2/21/2013 93.0 MB 28.0.989.0
HP Photosmart 6520 series Help Hewlett Packard 2/21/2013 12.2 MB 28.0.0
HP Photosmart 6520 series Product Improvement Study Hewlett-Packard Co. 2/21/2013 6.24 MB 28.0.989.0
HP Photosmart Essential 2.5 HP 10/23/2008 3.20 MB 2.5
HP Smart Web Printing HP 10/23/2008 8.27 MB 3.5
HP Solution Center 10.0 HP 10/23/2008 3.20 MB 10.0
HP Update Hewlett-Packard 8/22/2014 3.94 MB 5.005.002.002
Intel® PRO Network Connections 12.1.11.0 Intel 11/26/2007 5.03 MB
Internet Explorer (Enable DEP) 10/14/2011 5.34 MB
Internet Service Offers Launcher Dell Inc. 11/26/2007 1.00.0000
inTuneMP3 W3i Holdings 9/16/2011 74.0 MB 1.5.0
IrfanView (remove only) 3/10/2009 1.57 MB
iTunes Apple Inc. 7/21/2008 83.0 MB 7.7.0.43
Leawo PowerPoint to Video Pro version 2.8.0.0 Leawo Software 9/6/2016 58.3 MB 2.8.0.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 11/1/2016 56.7 MB 2.2.1.1043
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 8/15/2009 27.8 MB
Microsoft .NET Framework 4.5.2 Microsoft Corporation 1/27/2015 251 MB 4.5.51209
Microsoft Fix it Center Microsoft Corporation 10/14/2011 22.0 MB 1.0.0100
Microsoft Office File Validation Add-In Microsoft Corporation 6/14/2016 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 3/6/2012 302 MB 12.0.6612.1000
Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 9/18/2016 12.0.6612.1000
Microsoft Security Essentials Microsoft Corporation 9/29/2016 16.6 MB 4.10.205.0
Microsoft Silverlight Microsoft Corporation 9/17/2016 5.1.50709.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2/8/2013 1.74 MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 7/30/2009 251 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 6/27/2011 294 KB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 10/8/2013 1.41 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 7/4/2011 590 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/6/2011 594 KB 9.0.30729.6161
Microsoft Visual C++ Run Time  Lib Setup Microsoft 9/6/2016 53.0 KB 1.0.0
Modem Diagnostic Tool Dell 11/26/2007 1.0.17.8
Move Networks Media Player for Internet Explorer 10/14/2008 1.06 MB
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 12/14/2007 1.26 MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 12/15/2007 1.26 MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11/11/2008 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 11/28/2009 1.33 MB 4.20.9876.0
Music, Photos & Videos Launcher Dell Inc. 11/26/2007 1.00.0000
NetWaiting BVRP Software, Inc 11/26/2007 4.77 MB 2.5.44
OCR Software by I.R.I.S. 10.0 HP 10/23/2008 3.20 MB 10.0
Open Freely Download Freely, LLC 7/12/2012 69.4 MB 1.0
Open Kart GameTop Pte. Ltd. 8/27/2016 628 MB 1.0
OpenOffice OpenOffice 7/4/2011 1.08 MB 1.0
OpenOffice.org 3.3 OpenOffice.org 7/4/2011 372 MB 3.3.9567
PhotoRescue Wizard PC 3.2.8.13112 DataRescue sa/nv 7/15/2011 3.53 MB
Picasa 3 Google, Inc. 5/3/2013 55.9 MB 3.9
Product Documentation Launcher Dell Inc. 11/26/2007 1.00.0000
QuickTime Apple Inc. 2/2/2012 73.2 MB 7.71.80.42
Race Cars The Extreme Rally 3/1/2012 1.87 MB
RealPlayer RealNetworks 10/9/2013 108 MB 16.0.3
Realtek High Definition Audio Driver 11/26/2007
Roxio Creator Audio Roxio 11/26/2007 3.3.0
Roxio Creator BDAV Plugin Roxio 11/26/2007 3.3.0
Roxio Creator Copy Roxio 11/26/2007 3.3.0
Roxio Creator Data Roxio 11/26/2007 3.3.0
Roxio Creator DE Roxio 11/26/2007 3.3.0
Roxio Creator Tools Roxio 11/26/2007 3.3.0
Roxio Express Labeler Roxio 11/26/2007 2.1.0
Roxio Update Manager Roxio 11/26/2007 3.0.0
Shop for HP Supplies HP 10/23/2008 10.0
Spybot - Search & Destroy Safer Networking Limited 6/13/2009 19.0 MB 1.6.2
Spybot - Search & Destroy 1.5.2.20 Safer Networking Ltd. 2/19/2008 47.5 MB
Tiger Woods PGA TOUR 2000 3/4/2008 216 MB
User's Guides 11/26/2007 840 KB
VZAccess Manager for RIM Smith Micro Software Inc. 3/24/2009 26.1 MB 6.9.0
Windows Live Essentials Microsoft Corporation 2/9/2013 15.4.3502.0922
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 2/8/2013 5.57 MB 15.4.5722.2
Windows Mobile Device Center Microsoft Corporation 11/26/2007 27.5 MB 6.1.6965.0
Windows Mobile Device Center Driver Update Microsoft Corporation 11/26/2007 42.4 MB 6.1.6965.0
Xilisoft Audio Converter 6 Xilisoft 10/8/2013 114 MB 6.5.0.20130130
Xilisoft PowerPoint to Video Converter Free Xilisoft 11/16/2014 71.9 MB 1.1.1.20120601
Yahoo! Browser Services 8/28/2008 67.2 MB
Yahoo! Install Manager 8/28/2008 67.2 MB
Yahoo! Music Jukebox Yahoo! 11/26/2007 2.1.1.013
zoom.us Zoom Video Communications, Inc. 9/6/2012 11.2 MB 0.9
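A triage pass over a startup list like the one in the post above, as an added example that is not part of the original thread or of CCleaner. The sample lines are copied from that list; the rule names and the heuristics behind them are assumptions chosen for illustration, and because this listing shows only each shortcut's target program, a flag is a prompt to inspect the .lnk file itself.

```python
import re
from dataclasses import dataclass

# Lines copied from the startup list posted in this thread (columns are
# separated by single spaces, so name/publisher cannot be split reliably).
SAMPLE = r"""
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
No HKCU:Run Crypted C:\Users\Pat\AppData\Local\Temp\a.txt
Yes HKLM:Run Windows Defender Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCui.exe -hide
No HKLM:Run RtHDVCpl Realtek Semiconductor RtHDVCpl.exe
No Startup Common aa_patch.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\aa_patch.exe
Yes Startup User bccb5d.lnk Microsoft Corporation C:\Windows\system32\mshta.exe
Yes Startup User d921d0.lnk Microsoft Corporation C:\Windows\System32\cmd.exe
Yes Startup User OneNote 2007 Screen Clipper and Launcher.lnk Microsoft Corporation C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
No Startup User Stickies.lnk C:\Program Files\Stickies\stickies.exe
"""

LINE_RE = re.compile(
    r"^(Yes|No)\s+(HKCU:Run|HKLM:Run|Startup Common|Startup User|Task)\s+(.*)$")
# A command starts at the first drive-letter or %VAR% path, optionally quoted.
CMD_START = re.compile(r'"?(?:[A-Za-z]:\\|%[A-Za-z]+%\\)')
# Unquoted image path: shortest prefix ending in ".ext" before a space or EOL.
IMAGE_RE = re.compile(r"^(.*?\.[A-Za-z0-9]{2,4})(?=\s|$)")
# Short hex-looking shortcut name containing at least one digit.
HEX_LNK = re.compile(r"\b(?=[0-9a-f]*\d)[0-9a-f]{6,8}\.lnk\b", re.I)

# Assumed rule inputs: interpreters that run attacker-supplied arguments,
# and the extensions a Run value normally points at.
INTERPRETERS = {"mshta.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "powershell.exe", "regsvr32.exe", "rundll32.exe"}
LAUNCHABLE = {".exe", ".com", ".bat", ".cmd", ".scr"}
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
STARTUP_DIR = "\\start menu\\programs\\startup\\"


@dataclass
class Entry:
    enabled: bool
    location: str
    label: str   # item name plus publisher, as exported
    image: str   # program path without arguments


def parse_line(line):
    """Parse one exported line; return None for headings and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    enabled, location, rest = m.groups()
    start = CMD_START.search(rest)
    if start:
        label, command = rest[:start.start()].strip(), rest[start.start():]
    else:  # bare image name with no directory, e.g. "RtHDVCpl.exe"
        label, _, command = rest.rpartition(" ")
    if command.startswith('"'):
        image = command[1:].split('"', 1)[0]
    else:
        hit = IMAGE_RE.match(command)
        image = hit.group(1) if hit else command
    return Entry(enabled == "Yes", location, label, image)


def triage(entry):
    """Return the names of the heuristics this autorun entry trips."""
    image = entry.image.lower()
    base = image.rsplit("\\", 1)[-1]
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    in_startup = entry.location.startswith("Startup")
    reasons = []
    if any(d in image for d in TEMP_DIRS):
        reasons.append("temp-path")
    if entry.location.endswith(":Run") and ext not in LAUNCHABLE:
        reasons.append("non-executable-target")
    if in_startup and STARTUP_DIR in image and ext != ".lnk":
        reasons.append("binary-in-startup-folder")
    if in_startup and base in INTERPRETERS:
        reasons.append("shortcut-to-interpreter")
    if in_startup and HEX_LNK.search(entry.label):
        reasons.append("random-hex-name")
    return reasons


def triage_export(text):
    """Return [(Entry, reasons)] for every entry that trips a heuristic."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage_export(SAMPLE):
        state = "ENABLED" if entry.enabled else "disabled"
        print(f"{state:8} {entry.location:14} {entry.label}")
        print(f"         -> {entry.image}  [{', '.join(reasons)}]")
```

Entries that are flagged and still marked `Yes` are the ones that will run at the next logon.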


#12 buddy215


Posted 03 November 2016 - 08:59 AM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

Yes HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe

Yes HKCU:Run WMPNSCFG Microsoft Corporation C:\Program Files\Windows Media Player\WMPNSCFG.exe

Yes Startup User OneNote 2007 Screen Clipper and Launcher.lnk Microsoft Corporation C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

 

If you don't know what the two startups below are....please submit them to be scanned by numerous security programs at VirusTotal - Free Online Virus and Malware Scan

Yes Startup User bccb5d.lnk Microsoft Corporation C:\Windows\system32\mshta.exe
Yes Startup User d921d0.lnk Microsoft Corporation C:\Windows\System32\cmd.exe
 
Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000 Google Inc. C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000Core Google Inc. C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-598873941-3244639055-2830076859-1000UA Google Inc. C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCustParticipation HP Photosmart 6520 series Hewlett-Packard Co. "C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe" /UA 10.5 /DDV 0x0b05
Yes Task RealPlayerRealUpgradeLogonTaskS-1-5-21-598873941-3244639055-2830076859-1000 RealNetworks, Inc. C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-598873941-3244639055-2830076859-1000 RealNetworks, Inc. C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task RealUpgradeLogonTaskS-1-5-21-598873941-3244639055-2830076859-1000 RealNetworks, Inc. C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes Task RealUpgradeScheduledTaskS-1-5-21-598873941-3244639055-2830076859-1000 RealNetworks, Inc. C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes Task {B508F217-138C-48EB-9D03-FF866B98E7D9} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\INFOGR
 
Uninstall these programs:
Ad-Aware Antivirus Lavasoft 4/18/2014 43.2 MB 11.1.5354.0
Adobe Reader X (10.1.16) Adobe Systems Incorporated 10/23/2015 10.1.16 (Or Update...your choice)
Adobe Shockwave Player Adobe Systems, Inc. 3/22/2009 17.0 MB 11 (Or Update....your choice)
Bing Bar Microsoft Corporation 4/2/2014 787 KB 7.3.132.0
Bonjour Apple Inc. 7/1/2008 477 KB 1.0.104 (Or Update....your choice)
Browser Address Error Redirector Dell 11/26/2007 1.00.0000
Fast Browser Search Protection Make The Web Better, LLC 12/23/2008 724 KB 2.0
Google Chrome Google Inc. 4/16/2009 105 MB 49.0.2623.112 (Or Update....your choice)
Google Desktop Google 11/26/2007 8.57 MB -
Google Toolbar for Internet Explorer Google Inc. 7/1/2016 12.8 MB 7.5.7619.1252
Google Updater Google Inc. 9/16/2011 3.96 MB 2.4.2432.1652

GoToAssist 8.0.0.480 12/13/2007 3.27 MB

GoToAssist Customer 2.2.0.758 Citrix Online 10/3/2014 16.7 MB 2.2.0.758 (Keep... if you use it)

HP Customer Participation Program 10.0 HP 10/23/2008 10.0

iTunes Apple Inc. 7/21/2008 83.0 MB 7.7.0.43 (Or Update....your choice)

QuickTime Apple Inc. 2/2/2012 73.2 MB 7.71.80.42

RealPlayer RealNetworks 10/9/2013 108 MB 16.0.3

Shop for HP Supplies HP 10/23/2008 10.0
Spybot - Search & Destroy Safer Networking Limited 6/13/2009 19.0 MB 1.6.2

Spybot - Search & Destroy 1.5.2.20 Safer Networking Ltd. 2/19/2008 47.5 MB

Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 2/8/2013 5.57 MB 15.4.5722.2

Yahoo! Browser Services 8/28/2008 67.2 MB
Yahoo! Install Manager 8/28/2008 67.2 MB
Yahoo! Music Jukebox Yahoo! 11/26/2007 2.1.1.013

zoom.us Zoom Video Communications, Inc. 9/6/2012 11.2 MB 0.9 (Keep....if you use it)

 

 

 

 
 



#13 pkight


Posted 03 November 2016 - 01:08 PM

Startup d921d0.lnk and bccb5d.lnk - searched Virus Total and it said (for both), 

 Passive DNS replication
VirusTotal's passive DNS only stores address records. This domain has been seen to resolve to the following IP addresses.
No IP addresses! VirusTotal has never resolved this domain.
 


#14 buddy215


Posted 03 November 2016 - 01:39 PM

You need to submit the file...not just the name of the file. Find the file on your computer. Then allow Virus Total to download it.




#15 pkight


Posted 03 November 2016 - 05:23 PM

OK.  Got most everything done on your list.  When I open task manager I see "regsvr32.exe" is using 30%-40% of the cpu and "svchost.exe" is using 50% when I have nothing open.  What's up with that?





