non-urgent: spring clean


13 replies to this topic

#1 moveon

moveon

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 22 December 2016 - 02:26 PM

This machine (machine 1) seems basically ok but I am checking it hasn't got anything.

 

Would also appreciate recommendations for firewalls and real time antivirus that are free and not bloated or slowing.

Still using MSE but it won't always update itself, long-running intermittent problem.

 

I have another machine (machine 2) that got a malware alert last week on Windows when I was searching for some appliance instructions on non official sites; ran Malwarebytes and it found one thing I deleted. It doesn't seem to have had problems since but I have hardly used it online and it could maybe do with a more thorough check.

Will need to make separate post from machine 2. (Added: AdwCleaner found 0 threats on machine 2. Surprised. I am now running Zemana on both.)

 

This is the AdwCleaner log for machine 1; not sure if any of these need removed:

 

# AdwCleaner v6.041 - Logfile created 22/12/2016 at 19:03:36
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-21.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Name - Name-VAIO
# Running from : C:\Users\Name\Downloads\AdwCleaner(1).exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

File Found:  C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\9qsvwlrj.default\extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
Key Found:  HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar
Key Found:  HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1
Key Found:  HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT
Key Found:  HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar
Key Found:  [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT
Key Found:  [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Key Found:  HKU\S-1-5-21-767410154-31417072-4134030653-1000\Software\APN PIP
Key Found:  HKU\S-1-5-21-767410154-31417072-4134030653-1000\Software\Kromtech
Key Found:  HKU\S-1-5-21-767410154-31417072-4134030653-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-767410154-31417072-4134030653-1000\Software\SBConvert
Key Found:  HKCU\Software\APN PIP
Key Found:  HKCU\Software\Kromtech
Key Found:  HKLM\SOFTWARE\AIM Toolbar
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-767410154-31417072-4134030653-1000\Software\SBConvert
Key Found:  [x64] HKCU\Software\APN PIP
Key Found:  [x64] HKCU\Software\Kromtech
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [8735 Bytes] - [20/03/2015 01:03:06]
C:\AdwCleaner\AdwCleaner[R1].txt - [8795 Bytes] - [20/03/2015 01:11:16]
C:\AdwCleaner\AdwCleaner[R2].txt - [8854 Bytes] - [20/03/2015 01:48:22]
C:\AdwCleaner\AdwCleaner[R3].txt - [8408 Bytes] - [20/03/2015 02:05:20]
C:\AdwCleaner\AdwCleaner[R4].txt - [2091 Bytes] - [11/04/2015 14:42:44]
C:\AdwCleaner\AdwCleaner[R5].txt - [2038 Bytes] - [15/04/2015 09:38:12]
C:\AdwCleaner\AdwCleaner[R6].txt - [2097 Bytes] - [15/04/2015 14:00:54]
C:\AdwCleaner\AdwCleaner[R7].txt - [2150 Bytes] - [15/04/2015 14:34:28]
C:\AdwCleaner\AdwCleaner[R8].txt - [2215 Bytes] - [15/04/2015 16:11:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [9517 Bytes] - [20/03/2015 01:54:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [12179 Bytes] - [20/03/2015 02:10:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [2135 Bytes] - [11/04/2015 15:37:22]
C:\AdwCleaner\AdwCleaner[S3].txt - [2295 Bytes] - [15/04/2015 16:12:42]
C:\AdwCleaner\AdwCleaner[S4].txt - [4794 Bytes] - [22/12/2016 19:03:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [4867 Bytes] ##########

 

Machine 1 shows nothing in MBM and Zemana except a couple of items that are ok and meant to be on the computer, but which always get highlighted by these programs.

MBAR found nothing on machine 1.
 

Machine 1: RogueKiller

 

RogueKiller V12.8.6.0 (x64) [Dec 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Name [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/22/2016 21:11:54 (Duration : 01:07:25)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 26 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AIM Toolbar -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-767410154-31417072-4134030653-1000\Software\APN PIP -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-767410154-31417072-4134030653-1000\Software\Kromtech -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-767410154-31417072-4134030653-1000\Software\APN PIP -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-767410154-31417072-4134030653-1000\Software\Kromtech -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-767410154-31417072-4134030653-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-767410154-31417072-4134030653-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-767410154-31417072-4134030653-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-767410154-31417072-4134030653-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.8.16.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59C87836-765E-4508-8EF4-43941BA20F06} | DhcpNameServer : 10.42.16.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{59C87836-765E-4508-8EF4-43941BA20F06} | DhcpNameServer : 10.8.16.1 ([])  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C32C982-8F53-470C-AE5F-D4C173316C0D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {91A96691-66B9-4162-9502-98E26DFD6C38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C358A1A2-C207-4406-A2EC-76DF10940ED2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C9466C6D-616B-4F53-8A2F-3C63243F3C73} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BEACA9E-7996-4E20-A526-8C5DE9C6157D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5FE2EE5D-2C94-449D-82F4-79B05105A5DE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C32C982-8F53-470C-AE5F-D4C173316C0D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {91A96691-66B9-4162-9502-98E26DFD6C38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C358A1A2-C207-4406-A2EC-76DF10940ED2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C9466C6D-616B-4F53-8A2F-3C63243F3C73} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BEACA9E-7996-4E20-A526-8C5DE9C6157D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5FE2EE5D-2C94-449D-82F4-79B05105A5DE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP][Firefox:Addon] 9qsvwlrj.default : Mind the Time [jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack] -> Found
[PUM.SearchEngine][Firefox:Config] 9qsvwlrj.default : user_pref("browser.search.selectedEngine", "DuckDuckGo"); -> Found
[PUM.SearchEngine][Firefox:Config] 9qsvwlrj.default : user_pref("browser.search.defaultenginename", "DuckDuckGo"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] f45625ec58809db80e2910d796937096
[BSP] 54fdbb0b773e103eef3caa51fa328f9d : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13934 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 28538880 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 28743680 | Size: 462904 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

 

Security check

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Java 8 Update 40  
 Java version 32-bit out of Date!
 Adobe Flash Player 24.0.0.186  
 Mozilla Firefox (47.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 IObit IObit Malware Fighter IMFsrv.exe  
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Farbar

 

Farbar Service Scanner Version: 27-01-2016
Ran by Name (administrator) on 22-12-2016 at 23:32:50
Running from "C:\Users\Name\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by Name (Administrator) on 23/12/2016 at  0:06:21.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 78

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{00D0BE00-36EB-49DB-9971-393AAFC1182D} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{00E36944-D263-44CC-8A8C-3848D72B6CF6} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{06805934-725A-48CD-B622-01B564B13698} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{0BA20B6D-A9B6-4853-897F-E2BFC30C38FC} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{0FBBF0BB-8BA8-4EA9-92AE-49DC9C8673C1} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{1270EF8E-E57E-4D96-8335-598476B9051A} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{15967025-1589-4E8C-832F-1982F3D44CCD} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{17F13F64-92E2-47A9-8CE2-6DDADC46FC69} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{1C9EF5DD-2EDF-4B2F-9A28-635033EF6B3E} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{1E7C0494-59D8-4603-9EF5-0F06940EB178} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{24F44F07-90C9-4374-A1FD-F844DD64EBB4} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{27F35AFC-D6B4-4965-8188-2EB5516A4170} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{2DC56BD1-14E6-4596-97EC-DB29630C69AF} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{3182C69B-28E0-4957-917B-32E76822A950} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{363189EA-242B-4F13-867F-F9B0B0BDB080} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{3B2C9399-1737-441F-8E6F-A24A389CECAC} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{46F97993-7ADA-419A-8229-39273A672E0E} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{4A8CC761-2AA5-4087-8938-7A9C1EB1568A} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{4E0A585E-AFDE-48F0-ACB7-F7CED9385593} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{519F62E1-EDEC-4F80-BE45-8DB53C69A4D3} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{51B44125-0E35-4C9B-BB5F-6EC5C2E1FB28} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{5420EDA6-9D24-4ECC-84BA-91E99050C3CB} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{55490DDE-EAC0-40C4-8CEF-A25C2C074D60} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{5F906F01-CF03-4B0A-BCAA-0FE8B3F4477E} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{5FA3DEF6-3282-4192-995C-3ACF74F1BF4C} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{60A448F0-0D3D-4B64-87A6-A30ED649458B} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{627DA621-3343-4E78-82FE-EECA16B690C6} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{661BE02A-151A-4EBF-9DE0-38CE2943B2AC} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{69B23DC0-0835-4B03-BA76-C9D610E8741A} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{70E91F75-C5AC-46B4-B826-3E149A5D2D6F} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{71C8FB7A-EF92-4F98-A74A-A0459AE2AB22} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{71FE9368-EAF4-41DB-BDA1-E6C3F82C6EC1} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{83CF44CF-18AB-4140-804F-957C732E0140} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{87B94D7F-A5ED-447F-B956-D6CF4DB50FAC} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{8A2C5A5A-CE18-4DE7-87FB-EF1A9874AD4F} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{8F9C3C78-3192-449E-B519-CA642BF0F95A} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{915E48F8-96FB-4399-A1C2-D7BE93E21976} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{92BEE0CE-3FC9-424E-94F9-2A8774EFB758} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{93C37D85-B3B4-4FCC-8B25-B3AAB499EBFD} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{9AC5F2B3-AE9E-4554-A2E8-DD51024FB090} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{A380C45C-B4FC-4C76-B05D-7BA253AC7094} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{BD874287-4119-47D6-8224-AF791C488F61} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{BE1D7B3F-C748-4FB8-8164-C46BFC22176A} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{C3024C92-D927-477A-BE5C-6A5062F0B3B7} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{C35930A8-FF79-41D3-807B-D40D36299F26} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{CC14CBBA-EEC4-401A-8681-C689F9F33990} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{CCE5E7F4-DFDB-468A-99A5-0BCEB9686EAE} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{CDF0016E-8732-418C-A5B6-A23CF07F1120} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{CF5267FB-2482-4F6B-8D3A-291F4A60F739} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{CFAC2FD6-F364-489A-8F05-36BFC04BB48B} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{D4B6BDAF-AC98-4DE0-B54D-259990E7FD07} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{D50CE1F0-9598-42D3-B0C8-8B42FCA6FC90} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{D5C9AAFF-0422-46E5-83AA-84556964E654} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{D7FB47E2-7B3B-4AEC-BB72-576D6D88214A} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{E0628665-4E28-49D8-B0B8-9B11B87381D4} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{E29C1624-1C4E-41A4-A52A-5BAC81C88CC9} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{E4460693-4A2C-4DBB-9D2E-C408DC5C8941} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{E597A6BD-7E78-4D45-9A26-EB03FC439C02} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{EB425557-6617-4CBD-9BB1-4A155722E130} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{F10F4230-CBC2-4582-8D9C-16C23B26B945} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{F32E6CFB-C2A2-413F-A6AB-2993B9786BFA} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{F50ABFE5-0064-49F7-8C90-8B4024C4432B} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{F8937AC0-6186-409E-9534-BC29C1CEDAB8} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{F9DF9465-3244-4A4F-A554-EA0A0E8EE67A} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\{FB54360C-95EE-4BC7-84D1-BA828DCF1B14} (Empty Folder)
Successfully deleted: C:\Users\Name\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Name\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_Name (Task)
Successfully deleted: C:\Users\Name\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UC5XM6U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Name\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJJJK28O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Name\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0352JGS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Name\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1KE4U8P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UC5XM6U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJJJK28O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0352JGS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1KE4U8P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\sho7F7E.tmp (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8FEF5B8B-E8D0-4D87-85A1-3260C0D03C62} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2016 at  0:11:42.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Edited by moveon, 22 December 2016 - 07:16 PM.




#2 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:28 PM

Posted 23 December 2016 - 07:00 AM

Uninstall ALL IObit programs.

 

Allow AdwCleaner to Clean all that it found except the Mind the Time Firefox extension (File Found: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\9qsvwlrj.default\extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi) if you installed the extension and want to keep it.

 

Uninstall the old Java program, Java 8 Update 40.

 

Update Firefox to the latest...probably 50.1...lots of added security updates

 

NOTE: Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
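The triage described in the reply above (clean every AdwCleaner finding except an item the user installed and wants to keep), as an added example that is not part of the original thread and not AdwCleaner's own code. It parses a trimmed excerpt of the scan log from post #1, merges findings reported in both the unmarked and `[x64]` registry views, and splits them against a keep-list; the names `parse_adwcleaner`, `triage`, `SAMPLE_LOG` and the view label `unmarked` are this example's own.

```python
import re

# Trimmed excerpt of the AdwCleaner v6.041 scan log posted in #1.
SAMPLE_LOG = r"""
# AdwCleaner v6.041 - Logfile created 22/12/2016 at 19:03:36
# Database : 2016-12-21.1 [Server]
# Mode: Scan

***** [ Services ] *****

No malicious services found.

***** [ Files ] *****

File Found:  C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\9qsvwlrj.default\extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi

***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar
Key Found:  [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Key Found:  HKCU\Software\Kromtech
Key Found:  [x64] HKCU\Software\Kromtech
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")          # ***** [ Registry ] *****
HEADER_RE = re.compile(r"^# ([A-Za-z ]+?)\s*:\s*(.+)$")         # "# Mode: Scan"
FINDING_RE = re.compile(r"^(\w+) Found:\s+(\[x64\]\s+)?(.+?)\s*$")  # "Key Found:  [x64] HK..."


def parse_adwcleaner(text):
    """Return (header, findings) for an AdwCleaner text log.

    header   -- dict of the '# Key : value' lines (e.g. Mode, Database)
    findings -- list of dicts: section, kind, target, views
                Entries that differ only by the [x64] marker are merged,
                so each unique item appears once with both views listed.
    """
    header, merged, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue  # "No malicious ... found." and separator lines
        kind, x64, target = m.group(1), m.group(2), m.group(3)
        key = (section, kind, target.lower())  # registry paths are case-insensitive
        entry = merged.setdefault(
            key, {"section": section, "kind": kind, "target": target, "views": []}
        )
        view = "x64" if x64 else "unmarked"
        if view not in entry["views"]:
            entry["views"].append(view)
    return header, list(merged.values())


def triage(findings, keep):
    """Split findings into (to_clean, kept).

    keep is a list of case-insensitive substrings identifying items the
    user installed deliberately, such as a Firefox extension ID.
    """
    keep_l = [k.lower() for k in keep]
    to_clean, kept = [], []
    for f in findings:
        target = f["target"].lower()
        (kept if any(k in target for k in keep_l) else to_clean).append(f)
    return to_clean, kept


if __name__ == "__main__":
    header, findings = parse_adwcleaner(SAMPLE_LOG)
    # A log in Scan mode lists detections only; nothing has been removed yet.
    print("Mode:", header.get("Mode"))
    to_clean, kept = triage(findings, ["jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack"])
    for label, group in (("CLEAN", to_clean), ("KEEP", kept)):
        for f in group:
            print(f"{label:5} [{f['section']}] {f['kind']}: {f['target']} ({'+'.join(f['views'])})")
```
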

#3 moveon

moveon
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 23 December 2016 - 07:27 AM

Hi,

Thanks for the reply and for saying what needs to go from the AdwCleaner log... have now removed items except for that Firefox extension.

- Firefox already updated since posting

- Defragging is now on its second round... and finished

- Happy to uninstall that Java; I wasn't sure if it needed an update that wasn't appearing.

- I didn't realise CCleaner was still much of a thing, used to use it over 10 years ago. Will use.

 

However:

- IObit: I use the "File shredder" regularly, basically whenever I'm sure I want rid of a file, so I don't have to go to the bother of checking the recycle bin all the time. (Recycle Bin is largely for stuff I'm not sure about but want out of the way.) What can I replace it with? And on the second machine, I'd be lost without their Windows 8 menu tool.

 

I have just removed IOBit Malware Fighter and Powerful Uninstall as I never used those. Still got Advanced System Care for the time being, until there is something better to replace the file shredder.

 

What can be done about MSE/Windows Defender failing to update sometimes? It affects both this and the Win 8 machine. It doesn't appear to have a consistent pattern to it.


Edited by moveon, 23 December 2016 - 08:08 AM.


#4 jopa66

jopa66

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Windsor CANADA
  • Local time:03:28 PM

Posted 23 December 2016 - 08:26 AM

CCleaner can be set to "securely delete files" in Options. I use this regularly.
You may also want to check out Privazer  https://privazer.com/ and Classic Shell http://www.classicshell.net/



#5 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:28 PM

Posted 23 December 2016 - 08:37 AM

You can use CCleaner to shred files. Overwriting once is enough. You can use CCleaner to view what is in Windows Startups, browser startups and Tasks. Very useful. Here are the instructions for doing that.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

I consider IOBit products spyware and adware. They do not enjoy a good reputation.

 

Ask in the Vista forum about updating.



#6 moveon

moveon
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 23 December 2016 - 10:09 AM

Hi, have noticed advice re machine 1 but am now posting logs from machine 2 (Windows 8). It so far seems pretty clean, but want to make sure that there is nothing remaining of the malware from last week. (Don't know if that managed to even install itself.)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 x64
Ran by Computer (Administrator) on 23/12/2016 at 13:57:24.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Computer\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2016 at 13:59:27.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

RogueKiller V12.8.6.0 (x64) [Dec 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Computer [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/23/2016 11:45:50 (Duration : 00:51:41)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2412688100-4272978200-3274020505-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2412688100-4272978200-3274020505-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2395253D-A388-48DD-9555-A61365740D36} | DhcpNameServer : 10.8.16.1 ([])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] ksyt5g4f.default-1428438646944 : user_pref("browser.search.selectedEngine", "DuckDuckGo"); -> Found
[PUM.SearchEngine][Firefox:Config] ksyt5g4f.default-1428438646944 : user_pref("browser.search.defaultenginename", "DuckDuckGo"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 0464f5cef80dacce180a1947105ad83c
[BSP] 7a953ccb260afb33417e633f79ea4ff4 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 693575 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1422057472 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1422979072 | Size: 20590 MB
User = LL1 ... OK
User = LL2 ... OK
 

MBAR also found nothing on this machine, neither did AdwCleaner as above.



#7 moveon

  • Topic Starter

Posted 23 December 2016 - 10:31 AM

Machine 1, the Windows startups list, there are a few things in there I thought I'd fully uninstalled. Ok to delete them from CCleaner?

Also reminds me to ask, what is the recommended software these days for removing left behind bits of uninstalled programs?

There seem to be quite a few by the looks of these filepaths.


Edited by moveon, 23 December 2016 - 11:06 AM.


#8 buddy215

  • Moderator

Posted 23 December 2016 - 11:48 AM

Sure...if you see a startup or Task relating to a program you have uninstalled....you can delete it by clicking on the item and choosing Delete on the right.

If you are unsure about an item, you can first choose Disable and after a day or two decide then to delete it.

 

Leftovers in the Registry shouldn't cause any problem. If you see an uninstalled program's files other than that you can move them to the Recycle bin first to be safe and then delete them after a few days.



#9 buddy215

  • Moderator

Posted 23 December 2016 - 11:50 AM

If it is your choice to use Duck Duck Go and you haven't gone through its settings you should do that.

DuckDuckGo Settings  



#10 moveon

  • Topic Starter

Posted 23 December 2016 - 12:04 PM

Windows

 

Yes    HKCU:Run    Fitbit Connect    Fitbit, Inc.    Name    "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
Yes    HKCU:Run    IVPN Client    IVPN Limited    Name    C:\Program Files\IVPN Client\IVPN Client.exe
Yes    HKCU:Run    Sidebar    Microsoft Corporation    Name    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    All users    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    Apoint    Alps Electric Co., Ltd.    All users    %ProgramFiles%\Apoint\Apoint.exe
No    HKLM:Run    APSDaemon    Apple Inc.    All users    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    AthBtTray    Atheros Commnucations    All users    "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
Yes    HKLM:Run    AtherosBtStack    Atheros Commnucations    All users    "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
Yes    HKLM:Run    cAudioFilterAgent    Conexant Systems, Inc.    All users    C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
No    HKLM:Run    DivXMediaServer    DivX, LLC    All users    C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
No    HKLM:Run    DivXUpdate        All users    "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Yes    HKLM:Run    Fitbit Connect    Fitbit, Inc.    All users    "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
No    HKLM:Run    HP Software Update        All users    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    IAStorIcon    Intel Corporation    All users    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Yes    HKLM:Run    ISBMgr.exe    Sony Corporation    All users    "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
Yes    HKLM:Run    iTunesHelper    Apple Inc.    All users    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    IVPN Client Runtime Warmup    IVPN Limited    All users    "C:\Program Files\IVPN Client\IVPN Client.exe" /WARMUP
Yes    HKLM:Run    MSC    Microsoft Corporation    All users    "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes    HKLM:Run    NvBackend    NVIDIA Corporation    All users    "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes    HKLM:Run    PMBVolumeWatcher    Sony Corporation    All users    c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
Yes    HKLM:Run    ShadowPlay    Microsoft Corporation    All users    C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    All users    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes    HKLM:Run    ZAM    Zemana Ltd.    All users    "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
 

 

 

Scheduled

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    All users    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    ASC8_SkipUac_Name    IObit    Name    "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac
Yes    Task    CCleanerSkipUAC    Piriform Ltd    Name    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
No    Task    DivXUpdate    DivX, LLC    All users    C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe
Yes    Task    Opera scheduled Autoupdate 1466977301    Opera Software    All users    C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Yes    Task    {1CD6CDAD-56D9-42FF-9B5B-8DAFDDE897AE}    Microsoft Corporation    Name    C:\Windows\system32\pcalua.exe -a C:\Users\Name\AppData\Roaming\omniboxes\UninstallManager.exe -c  -ptid=obw
Yes    Task    {6E2BB0C2-FEE6-421F-825F-392C1396267D}    Mozilla Corporation    All users    "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?page=tsProgressBar
Yes    Task    {7D1D2C11-E36D-411A-86C2-950C73EA4DCD}    Microsoft Corporation    Name    C:\Windows\system32\pcalua.exe -a C:\Users\Name\Downloads\ADE_3.0_Installer.exe -d C:\Users\Name\Downloads
Yes    Task    {F0C32702-44FF-4A96-A3DE-7259BDC3E1A5}    Microsoft Corporation    Name    C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Xilisoft\Audio Converter Pro\Uninstall.exe"
 

Omniboxes! I remember that name from the time I had some stubborn malware on the other computer (it wasn't the main problem)

 

 

Replacement for File Shredder needs to be as easy to access as it is, available whenever something is being deleted, via right click menu not opening other software package.



#11 buddy215

  • Moderator

Posted 23 December 2016 - 12:36 PM

I would need to see the list of installed programs from CCleaner before offering any suggestions for the Startups and Tasks.

 

You can send files first to the Recycle Bin...then shred using CCleaner.....though I would uncheck the Recycle Bin cleaner except when wanting to clean the Recycle Bin to avoid permanently deleting something and later finding you need it.



#12 moveon

  • Topic Starter

Posted 24 December 2016 - 02:58 AM

Machine 1: installs

 

Active@ KillDisk Professional 7.1    LSoft Technologies Inc    28/05/2013    184 MB    7.1    All users
ActiveX контрола на Windows Live Mesh за отдалечени връзки    Microsoft Corporation    30/07/2012    5.57 MB    15.4.5722.2    All users
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Adobe Acrobat Reader DC    Adobe Systems Incorporated    04/11/2016    206 MB    15.020.20042    All users
Adobe AIR    Adobe Systems Inc.    30/07/2012        2.5.1.17730    All users
Adobe Digital Editions 4.0    Adobe Systems Incorporated    15/03/2016    20.3 MB    4.0.2    All users
Adobe Flash Player 22 ActiveX    Adobe Systems Incorporated    16/06/2016    8.74 MB    22.0.0.192    All users
Adobe Flash Player 22 PPAPI    Adobe Systems Incorporated    02/07/2016    19.5 MB    22.0.0.192    All users
Adobe Flash Player 24 NPAPI    Adobe Systems Incorporated    18/12/2016    19.4 MB    24.0.0.186    All users
Advanced SystemCare 8    IObit    20/03/2015    121 MB    8.1.0    All users
Alps Pointing-device for VAIO    ALPS ELECTRIC CO., LTD.    30/07/2012            All users
Amazon Kindle    Amazon    31/03/2016        1.15.0.43061    Name
Anti-Twin (Installation 07/05/2013)    Joerg Rosenthal, Germany    07/05/2013            All users
Apple Application Support (32-bit)    Apple Inc.    26/05/2016    117 MB    4.3.1    All users
Apple Application Support (64-bit)    Apple Inc.    26/05/2016    131 MB    4.3.1    All users
Apple Mobile Device Support    Apple Inc.    26/05/2016    28.3 MB    9.3.0.15    All users
Apple Software Update    Apple Inc.    26/05/2016    2.69 MB    2.2.0.150    All users
ArcSoft Magic-i Visual Effects 2    ArcSoft    30/07/2012    69.5 MB    2.0.1.142    All users
ArcSoft WebCam Companion 4    ArcSoft    24/11/2012    81.3 MB    4.0.21.485    All users
Audacity 2.1.0    Audacity Team    05/05/2016    49.8 MB    2.1.0    All users
Bluetooth Win7 Suite (64)    Atheros Communications    30/07/2012    74.5 MB    7.3.0.100    All users
Bonjour    Apple Inc.    26/05/2016    2.01 MB    3.1.0.1    All users
CCleaner    Piriform    23/12/2016        5.25    All users
Conexant HD Audio    Conexant    30/07/2012        8.54.0.53    All users
Connection Manager    Connection Manager    26/09/2013        8.7.6.756    All users
Control ActiveX Windows Live Mesh pentru conexiuni la distanță    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Controlo ActiveX do Windows Live Mesh para Ligações Remotas    Microsoft Corporation    30/07/2012    5.38 MB    15.4.5722.2    All users
Contrôle ActiveX Windows Live Mesh pour connexions à distance    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Corel WinDVD    Corel Inc.    30/07/2012    256 MB    10.0.5.800    All users
dBpoweramp    Illustrate    26/05/2016    20.6 MB    Release 15.3    All users
dBpoweramp DSP Effects    Illustrate    26/05/2016    12.5 MB    Release 11    All users
DivX Setup    DivX, LLC    17/06/2016        3.0.0.58    All users
Exact Audio Copy 1.1    Andre Wiethoff    19/04/2016        1.1    All users
Family Historian 5.0    Calico Pie Limited    09/10/2014    44.2 MB        All users
Family Historian PDF (novaPDF 7.0 printer)    Softland    09/10/2014            All users
Fast Duplicate File Finder 3.5.0.1    MindGems, Inc.    07/05/2013    5.36 MB    3.5.0.1    All users
Fitbit Connect    Fitbit Inc.    22/10/2016    65.7 MB    2.0.1.6782    All users
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Freedom    Eighty Percent Solutions Corporation    25/12/2014    1.80 MB    0.7    All users
HP Support Solutions Framework    HP Inc.    08/12/2016    6.78 MB    12.5.32.203    All users
HUAWEI DataCard Driver 4.22.10.00    Huawei technologies Co., Ltd.    26/09/2013        4.22.10.00    All users
Intel® Control Center    Intel Corporation    13/04/2015        1.2.1.1007    All users
Intel® Management Engine Components    Intel Corporation    13/04/2015        7.0.0.1144    All users
Intel® Rapid Storage Technology    Intel Corporation    13/04/2015        10.0.0.1046    All users
iTunes    Apple Inc.    26/05/2016    215 MB    12.4.0.119    All users
iVPN 2.2.2        28/02/2014        2.2.2    All users
IVPN Client    IVPN Limited    09/03/2016        2.6    All users
Java 8 Update 111 (64-bit)    Oracle Corporation    23/12/2016    107 MB    8.0.1110.14    All users
Kernel Outlook PST Viewer ver 11.05.01    Lepide Software Pvt. Ltd.    12/04/2014    28.1 MB        All users
LAME v3.99.3 (for Windows)        05/05/2016    1.52 MB        All users
LibreOffice 3.6    The Document Foundation    02/12/2012    380 MB    3.6.3.2    All users
MahJong Suite 2013 v10.0    TreeCardGames    11/07/2013        10.0    All users
Malwarebytes Anti-Malware version 2.2.1.1043    Malwarebytes    29/04/2016    66.8 MB    2.2.1.1043    All users
Microsoft .NET Framework 4.5.2    Microsoft Corporation    20/03/2015    38.8 MB    4.5.51209    All users
Microsoft Expression Encoder 4    Microsoft Corporation    19/04/2016        4.0.1651.0    All users
Microsoft Expression Encoder 4 Screen Capture Codec    Microsoft Corporation    19/04/2016    675 KB    4.0.1651.0    All users
Microsoft Office 2010    Microsoft Corporation    30/07/2012    6.31 MB    14.0.4763.1000    All users
Microsoft Office Click-to-Run 2010    Microsoft Corporation    25/10/2012        14.0.4763.1000    All users
Microsoft Office Starter 2010 - English    Microsoft Corporation    25/10/2012        14.0.4763.1000    All users
Microsoft PowerPoint Viewer    Microsoft Corporation    15/04/2015    179 MB    14.0.7015.1000    All users
Microsoft Security Essentials    Microsoft Corporation    20/03/2015        4.7.205.0    All users
Microsoft Silverlight    Microsoft Corporation    02/04/2016    249 MB    5.1.41212.0    All users
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    30/07/2012    1.69 MB    3.1.0000    All users
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    26/10/2012    298 KB    8.0.61001    All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    26/05/2016    1.41 MB    9.0.21022    All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    14/05/2013    596 KB    9.0.30729    All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    15/05/2013    598 KB    9.0.30729.6161    All users
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    20/03/2015    12.3 MB    10.0.40219    All users
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501    Microsoft Corporation    17/06/2016    17.1 MB    12.0.30501.0    All users
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506    Microsoft Corporation    22/05/2016    24.5 MB    14.0.23506.0    All users
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506    Microsoft Corporation    22/05/2016    20.7 MB    14.0.23506.0    All users
Microsoft Visual FoxPro OLE DB Provider    Microsoft Corporation    09/10/2014    1.71 MB    1.0.0    All users
Mozilla Firefox 50.1.0 (x86 en-GB)    Mozilla    23/12/2016    91.4 MB    50.1.0    All users
Mozilla Maintenance Service    Mozilla    23/12/2016    231 KB    50.1.0.6186    All users
MSXML 4.0 SP3 Parser    Microsoft Corporation    30/07/2012    1.47 MB    4.30.2100.0    All users
MSXML 4.0 SP3 Parser (KB2721691)    Microsoft Corporation    03/11/2012    1.53 MB    4.30.2114.0    All users
MSXML 4.0 SP3 Parser (KB2758694)    Microsoft Corporation    10/01/2013    1.54 MB    4.30.2117.0    All users
NVIDIA 3D Vision Driver 350.12    NVIDIA Corporation    16/04/2015        350.12    All users
NVIDIA GeForce Experience 2.4.1.21    NVIDIA Corporation    16/04/2015        2.4.1.21    All users
NVIDIA Graphics Driver 350.12    NVIDIA Corporation    16/04/2015        350.12    All users
NVIDIA HD Audio Driver 1.3.33.0    NVIDIA Corporation    16/04/2015        1.3.33.0    All users
NVIDIA PhysX System Software 9.15.0324    NVIDIA Corporation    16/04/2015        9.15.0324    All users
Opera Stable 42.0.2393.94    Opera Software    21/12/2016        42.0.2393.94    All users
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
PMB    Sony Corporation    30/07/2012    282 MB    5.5.02.12220    All users
Realtek PCIE Card Reader    Realtek Semiconductor Corp.    30/07/2012        6.1.7600.77    All users
RogueKiller version 12.8.6.0    Adlice Software    22/12/2016    47.9 MB    12.8.6.0    All users
Skype™ 7.0    Skype Technologies S.A.    15/04/2015    47.9 MB    7.0.102    All users
Sophos Virus Removal Tool    Sophos Limited    20/03/2015    118 MB    2.5.4    All users
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
VAIO - Media Gallery    Sony Corporation    30/07/2012        1.5.0.16020    All users
VAIO - PMB VAIO Edition Guide    Sony Corporation    30/07/2012    72.3 MB    1.6.00.06030    All users
VAIO - PMB VAIO Edition Plug-in    Sony Corporation    30/07/2012    193 MB    1.6.00.06140    All users
VAIO - Remote Keyboard    Sony Corporation    30/07/2012        1.0.1.03020    All users
VAIO - Remote Play with PlayStation®3    Sony Corporation    30/07/2012        1.1.0.15070    All users
VAIO Care    Sony Corporation    30/07/2012        6.4.0.15030    All users
VAIO Control Center    Sony Corporation    30/07/2012        4.5.0.03040    All users
VAIO Data Restore Tool    Sony Corporation    30/07/2012        1.6.0.13140    All users
VAIO Easy Connect    Sony Corporation    30/07/2012        1.0.0.03050    All users
VAIO Event Service    Sony Corporation    30/07/2012        5.5.0.03040    All users
VAIO Gate    Sony Corporation    30/07/2012        2.3.0.11090    All users
VAIO Gate Default    Sony Corporation    30/07/2012        2.4.0.03240    All users
VAIO Hero Screensaver - Summer 2011 Screensaver        30/07/2012            All users
VAIO Improvement    Sony Corporation    30/07/2012        1.0.0.14150    All users
VAIO Improvement Validation    Sony Corporation    30/07/2012    496 KB    1.0.4.01190    All users
VAIO Manual    Sony Corporation    30/07/2012        2.0.0.02250    All users
VAIO Quick Web Access    Sony Corporation    30/07/2012    334 MB    1.4.5.3    All users
VAIO Sample Contents    Sony Corporation    30/07/2012        1.4.2.09010    All users
VAIO Smart Network    Sony Corporation    30/07/2012        3.5.0.02280    All users
VAIO Transfer Support    Sony Corporation    30/07/2012        1.4.0.14230    All users
VAIO Update    Sony Corporation    30/07/2012        5.4.0.15300    All users
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)    Nuance Communications Inc.    20/11/2014    37.9 MB    11.0.200    All users
Windows Live Essentials    Microsoft Corporation    30/07/2012        15.4.3508.1109    All users
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Windows Live Mesh ActiveX Control for Remote Connections    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Windows Live Mesh ActiveX control for remote connections    Microsoft Corporation    30/07/2012    5.38 MB    15.4.5722.2    All users
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Windows Live Mesh ActiveX-objekt til fjernforbindelser    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz    Microsoft Corporation    30/07/2012    5.38 MB    15.4.5722.2    All users
Windows Live Meshin etäyhteyksien ActiveX-komponentti    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις    Microsoft Corporation    30/07/2012    5.38 MB    15.4.5722.2    All users
Елемент керування Windows Live Mesh ActiveX для віддалених підключень    Microsoft Corporation    30/07/2012    5.38 MB    15.4.5722.2    All users
Элемент управления Windows Live Mesh ActiveX для удаленных подключений    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
 

 

The NVidia graphics drivers need updating, but there is a long running problem with the machine not being able to connect to NVidia. The Windows 7 board appears to have solved the problem with updating MSE and Windows (some of the updates are still downloading and installing), but this problem is still the same.


Edited by moveon, 24 December 2016 - 03:51 AM.


#13 moveon

  • Topic Starter

Posted 24 December 2016 - 03:55 AM

Do any of these registry entries in RogueKiller need to go?

 

RogueKiller V12.8.6.0 (x64) [Dec 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Name [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/23/2016 19:50:42 (Duration : 01:05:36)


[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.8.16.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.42.16.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59C87836-765E-4508-8EF4-43941BA20F06} | DhcpNameServer : 10.8.16.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{59C87836-765E-4508-8EF4-43941BA20F06} | DhcpNameServer : 10.42.16.1 ([])  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C32C982-8F53-470C-AE5F-D4C173316C0D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {91A96691-66B9-4162-9502-98E26DFD6C38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C358A1A2-C207-4406-A2EC-76DF10940ED2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C9466C6D-616B-4F53-8A2F-3C63243F3C73} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BEACA9E-7996-4E20-A526-8C5DE9C6157D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5FE2EE5D-2C94-449D-82F4-79B05105A5DE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C32C982-8F53-470C-AE5F-D4C173316C0D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {91A96691-66B9-4162-9502-98E26DFD6C38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C358A1A2-C207-4406-A2EC-76DF10940ED2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C9466C6D-616B-4F53-8A2F-3C63243F3C73} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GoforFiles\GoforFiles.exe|Name=GoforFiles| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BEACA9E-7996-4E20-A526-8C5DE9C6157D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5FE2EE5D-2C94-449D-82F4-79B05105A5DE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
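
A way to read the firewall findings in the log above, as an added example that is not part of the original post and not RogueKiller's own code: it parses the `FirewallRules` value strings, collapses the same rule GUID reported under both ControlSet001 and ControlSet002 into one rule, and groups the result by executable. The flag name and the function names are made up for this sketch, and the sample is a subset of the lines in the post.

```python
import re

# Subset of the RogueKiller findings posted above, copied as-is.
SAMPLE_LOG = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.8.16.1 ([])  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C32C982-8F53-470C-AE5F-D4C173316C0D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {91A96691-66B9-4162-9502-98E26DFD6C38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BEACA9E-7996-4E20-A526-8C5DE9C6157D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5FE2EE5D-2C94-449D-82F4-79B05105A5DE} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C32C982-8F53-470C-AE5F-D4C173316C0D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GoforFiles\goforfilesdl.exe|Name=GoforFiles| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BEACA9E-7996-4E20-A526-8C5DE9C6157D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Name\AppData\Local\Temp\nsd1FB1.tmp\CnetInstaller-76171818.exe|Name=proinstaller714092337| [x] -> Found
"""

# One finding line: [tag] (arch) <key ending in FirewallRules> | {GUID} : <rule string> [..] -> Found
FINDING = re.compile(
    r"^\[(?P<tag>[^\]]+)\] \(X\d+\) (?P<key>HKEY_\S+FirewallRules) \| "
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}) : (?P<data>.+\|)\s*(?:\[[^\]]*\]\s*)?-> Found$"
)
PROTOCOLS = {"6": "TCP", "17": "UDP"}          # IP protocol numbers used in the rules
TEMP_DIR = re.compile(r"\\Temp\\", re.I)


def parse_rule(line):
    """Turn one finding line into a dict, or None if it is not a firewall rule."""
    m = FINDING.match(line.strip())
    if not m:
        return None
    # The rule string is 'v2.10|Key=Value|Key=Value|...|'.
    fields = dict(kv.split("=", 1) for kv in m["data"].split("|") if "=" in kv)
    return {
        "guid": m["guid"].upper(),
        "tag": m["tag"],
        "control_set": re.search(r"ControlSet\d+", m["key"]).group(0),
        "action": fields.get("Action", ""),
        "active": fields.get("Active", ""),
        "dir": fields.get("Dir", ""),
        "protocol": PROTOCOLS.get(fields.get("Protocol"), "any"),
        "app": fields.get("App", ""),
        "name": fields.get("Name", ""),
        "control_sets": set(),
        "findings": 0,
    }


def summarise(log_text):
    """Group de-duplicated firewall rules by the executable they allow."""
    rules = {}
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue                      # DNS and other non-firewall findings
        seen = rules.setdefault(rule["guid"], rule)
        seen["control_sets"].add(rule["control_set"])
        seen["findings"] += 1

    apps = {}
    for r in rules.values():
        a = apps.setdefault(r["app"], {"rules": 0, "findings": 0,
                                       "inbound": set(), "flags": set()})
        a["rules"] += 1
        a["findings"] += r["findings"]
        if (r["action"], r["active"], r["dir"]) == ("Allow", "TRUE", "In"):
            a["inbound"].add(r["protocol"])
            if TEMP_DIR.search(r["app"]):
                a["flags"].add("inbound-allow-for-temp-executable")
    return apps


if __name__ == "__main__":
    for app, info in summarise(SAMPLE_LOG).items():
        print(f"{app}\n  {info['findings']} findings -> {info['rules']} rules, "
              f"inbound: {sorted(info['inbound'])}, flags: {sorted(info['flags'])}")
```

Run over the full log, the same grouping shows how many of the listed findings are distinct rules and which executables they still allow traffic for.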



 



#14 buddy215

  • Moderator

Posted 24 December 2016 - 05:08 AM

Delete these Tasks: Use CCleaner by clicking on each item and choosing delete on the right.

Yes    Task    {1CD6CDAD-56D9-42FF-9B5B-8DAFDDE897AE}    Microsoft Corporation    Name    C:\Windows\system32\pcalua.exe -a C:\Users\Name\AppData\Roaming\omniboxes\UninstallManager.exe -c  -ptid=obw
Yes    Task    {6E2BB0C2-FEE6-421F-825F-392C1396267D}    Mozilla Corporation    All users    "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?page=tsProgressBar
Yes    Task    {7D1D2C11-E36D-411A-86C2-950C73EA4DCD}    Microsoft Corporation    Name    C:\Windows\system32\pcalua.exe -a C:\Users\Name\Downloads\ADE_3.0_Installer.exe -d C:\Users\Name\Downloads
Yes    Task    {F0C32702-44FF-4A96-A3DE-7259BDC3E1A5}    Microsoft Corporation    Name    C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Xilisoft\Audio Converter Pro\Uninstall.exe"

 

Uninstall these programs:

Adobe AIR    Adobe Systems Inc.    30/07/2012        2.5.1.17730    All users

Adobe Flash Player 22 ActiveX    Adobe Systems Incorporated    16/06/2016    8.74 MB    22.0.0.192    All users
Adobe Flash Player 22 PPAPI    Adobe Systems Incorporated    02/07/2016    19.5 MB    22.0.0.192    All users

Advanced SystemCare 8    IObit    20/03/2015    121 MB    8.1.0    All users

Windows Live Mesh ActiveX Control for Remote Connections    Microsoft Corporation    30/07/2012    5.37 MB    15.4.5722.2    All users
Windows Live Mesh ActiveX control for remote connections    Microsoft Corporation    30/07/2012    5.38 MB    15.4.5722.2    All users

 

 

RogueKiller logs are not allowed in this forum. My amateur opinion is there is nothing in that log that screams for attention....such as Cnet Installer, Go for Files downloader.

 

For a more professional opinion on Rogue Killer's logs you will need to start a new topic in the malware removal forum. If you decide to do that then follow the instructions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


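
The startup and task lists from post #10 can be triaged before anything is deleted. The following is an added example, not CCleaner's or any poster's code: it assumes the export columns are Enabled, Key, Program, Publisher, User and File, separated by tabs or four spaces as they appear in this thread, and the flag names are made up for the sketch. It resolves what a task really launches when the command goes through `pcalua.exe` (the Program Compatibility Assistant) or `rundll32.exe`, since the Publisher column then describes the launcher rather than the target.

```python
import re

# Entries copied from the Windows startup and Scheduled Tasks lists in post #10.
SAMPLE_EXPORT = r"""
Yes    HKLM:Run    ShadowPlay    Microsoft Corporation    All users    C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes    HKLM:Run    ZAM    Zemana Ltd.    All users    "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
No    HKLM:Run    DivXUpdate        All users    "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Yes    Task    CCleanerSkipUAC    Piriform Ltd    Name    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    {1CD6CDAD-56D9-42FF-9B5B-8DAFDDE897AE}    Microsoft Corporation    Name    C:\Windows\system32\pcalua.exe -a C:\Users\Name\AppData\Roaming\omniboxes\UninstallManager.exe -c  -ptid=obw
Yes    Task    {6E2BB0C2-FEE6-421F-825F-392C1396267D}    Mozilla Corporation    All users    "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?page=tsProgressBar
Yes    Task    {7D1D2C11-E36D-411A-86C2-950C73EA4DCD}    Microsoft Corporation    Name    C:\Windows\system32\pcalua.exe -a C:\Users\Name\Downloads\ADE_3.0_Installer.exe -d C:\Users\Name\Downloads
Yes    Task    {F0C32702-44FF-4A96-A3DE-7259BDC3E1A5}    Microsoft Corporation    Name    C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Xilisoft\Audio Converter Pro\Uninstall.exe"
"""

PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe"}   # run something else on the task's behalf
USER_WRITABLE = re.compile(r"\\(?:AppData|Downloads|Temp)\\", re.I)
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
BINARY = re.compile(r"(.+?\.(?:exe|dll))(?=[\s,]|$)", re.I)


def first_path(fragment):
    """Return the first executable or DLL path in a command fragment."""
    fragment = fragment.strip()
    if fragment.startswith('"'):
        return fragment[1:].split('"', 1)[0]
    m = BINARY.match(fragment)            # unquoted paths may contain spaces
    return m.group(1) if m else fragment.split(" ", 1)[0]


def resolve_target(command):
    """Return (real target, launcher name or None) for a startup command."""
    launcher = first_path(command)
    base = launcher.rsplit("\\", 1)[-1].lower()
    if base not in PROXY_LAUNCHERS:
        return launcher, None
    rest = command.split(launcher, 1)[1].lstrip('"').strip()
    if base == "pcalua.exe":              # target follows the -a switch
        m = re.search(r"(?:^|\s)-a\s+(.*)", rest, re.I)
        rest = m.group(1) if m else ""
    return (first_path(rest) if rest else launcher), base


def parse_export(text):
    """Split each pasted line into its six columns; skip anything else."""
    keys = ("enabled", "key", "name", "publisher", "user", "command")
    entries = []
    for line in text.splitlines():
        parts = re.split(r"\t| {4}", line.strip(), maxsplit=5)
        if len(parts) == 6:
            entries.append(dict(zip(keys, parts)))
    return entries


def triage_export(text):
    """Map entry name -> (resolved target, flags) for entries worth a look."""
    report = {}
    for e in parse_export(text):
        target, launcher = resolve_target(e["command"])
        flags = []
        if launcher:
            flags.append("proxy-launcher")
        if USER_WRITABLE.search(target):
            flags.append("user-writable-target")
        if e["key"] == "Task" and GUID_NAME.match(e["name"]):
            flags.append("guid-named-task")
        if re.search(r"https?://", e["command"], re.I):
            flags.append("opens-url")
        if flags:
            report[e["name"]] = (target, flags)
    return report


if __name__ == "__main__":
    for name, (target, flags) in triage_export(SAMPLE_EXPORT).items():
        print(f"{name}\n  target: {target}\n  flags:  {', '.join(flags)}")
```

A flag here is a prompt to look at the entry, not a verdict: ShadowPlay is flagged only because it is started through `rundll32.exe`.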



