Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Baidu Malware


  • Please log in to reply
9 replies to this topic

#1 friendlyboy

friendlyboy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 24 January 2017 - 07:04 AM

I have the history where my browser home page will changed to some baidu search engine something like hao123(dot)com.

 

I have tried to remove traces of them from my computer and I thinking I didn't do enough to eradicate them because just today when I reset my Microsoft Edge browser, my home page was auto detected and changed to Baidu search engine page yet again and when I look in the settings on Edge browser, the "Search in the address bar with" settings is automatically set to Baidu and I was unable to remove it, on top of that it says it was "discovered".

 

I have scanned my computer using AdwCleaner, SystemLook and JRT in the respective order but from the report AdwCleaner doesn't seems to remove anything that is related to Baidu and thus SystemLook and JRT still able to scanned them.

 

 

Here is the log for Adwcleaner:

 

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
Folder Found:  C:\Users\Low\AppData\Roaming\ParetoLogic
Folder Found:  C:\Users\Low\AppData\Roaming\Tencent
Folder Found:  C:\Users\Low\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Folder Found:  C:\ProgramData\ParetoLogic
Folder Found:  C:\ProgramData\Tencent
Folder Found:  C:\ProgramData\Auslogics
Folder Found:  C:\ProgramData\Application Data\ParetoLogic
Folder Found:  C:\ProgramData\Application Data\Tencent
Folder Found:  C:\ProgramData\Application Data\Auslogics
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Folder Found:  C:\Program Files (x86)\Auslogics
Folder Found:  C:\Program Files (x86)\Common Files\Tencent

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
Key Found:  HKLM\SOFTWARE\Classes\metnsd
Key Found:  [x64] HKLM\SOFTWARE\Classes\metnsd
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}
Key Found:  HKU\S-1-5-21-2336078062-750557073-4045420661-1000\Software\ParetoLogic
Key Found:  HKU\S-1-5-21-2336078062-750557073-4045420661-1000\Software\Thunder Network
Key Found:  HKCU\Software\ParetoLogic
Key Found:  HKCU\Software\Thunder Network
Key Found:  HKLM\SOFTWARE\Thunder Network
Key Found:  HKLM\SOFTWARE\Auslogics
Key Found:  [x64] HKCU\Software\ParetoLogic
Key Found:  [x64] HKCU\Software\Thunder Network
Key Found:  [x64] HKLM\SOFTWARE\Thunder Network
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mp.weixin.qq.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\qq.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mp.weixin.qq.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\qq.com
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************

 

 

 

Here is SystemLook log:

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 19:42 on 24/01/2017 by Low
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "*Baidu*"
C:\Program Files (x86)\kuwo\kuwomusic\8.0.3.2_BCS8\bin\res\baidu.pl --a---- 46818 bytes [02:43 12/01/2016] [02:43 12/01/2016] CC6D9E1920ED7BBE4BAD6E1A2987B9AC
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BM34VLHR\baidu_jgylogo3[1].gif --a---- 705 bytes [01:04 24/01/2017] [01:04 24/01/2017] 803BB46A6ACEF395ED9353DE2DCF26F5
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BM34VLHR\game_baiduapp_icon[1].png --a---- 130932 bytes [01:14 24/01/2017] [01:14 24/01/2017] 85B69622C4E0B01C7455A43277AA0966
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PMKEW4SX\baidu-something-or-other-in-chinese[1].htm --a---- 217495 bytes [11:36 24/01/2017] [11:36 24/01/2017] EC8A350882341FB63C244286E89B1E0E
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PMKEW4SX\baidu-something-or-other-in-chinese[2].htm --a---- 214316 bytes [11:41 24/01/2017] [11:41 24/01/2017] 53EB9DBBC71FE2FB3D36F8FD7DD1C14B
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T5PJAZIK\game_baiduapp_icon[1].png --a---- 153584 bytes [01:14 24/01/2017] [01:14 24/01/2017] EE2A5E72CB7F08E2BA8E11172E0C24AC
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T5PJAZIK\game_baiduapp_icon[2].png --a---- 156379 bytes [01:14 24/01/2017] [01:14 24/01/2017] 7F81BFE5231F894701611359C921319E
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T5PJAZIK\game_baiduapp_icon[3].png --a---- 150302 bytes [01:14 24/01/2017] [01:14 24/01/2017] B9B070D9BDC35D6CD3872BDBA667D1E3
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T5PJAZIK\game_baiduapp_icon[4].png --a---- 168178 bytes [01:14 24/01/2017] [01:14 24/01/2017] F53F97A459D35E6897572C5CC6B758AC
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T5PJAZIK\game_baiduapp_icon[5].png --a---- 169079 bytes [01:14 24/01/2017] [01:14 24/01/2017] 5B2A8B0E47B1D7632683E299B6704AE4
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T5PJAZIK\game_baiduapp_icon[6].png --a---- 151257 bytes [01:14 24/01/2017] [01:14 24/01/2017] 26175F0F4866E6CD66D672AF9D08E74F
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SOZP5692\tieba.baidu[1].xml --a---- 210 bytes [01:14 24/01/2017] [01:15 24/01/2017] E62A953C609CD8F9DA34CF25F046E189
C:\Users\Low\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\ZP1VHA9I\www.baidu[1].xml --a---- 114 bytes [01:04 24/01/2017] [01:04 24/01/2017] 557F1E80057D4111765AB7452908A8EC
C:\Users\Low\AppData\Local\Temp\baiduyunguangjia_cfg_A900527E-5BA6-4d22-8E96-E40D5C6EDF61.cfg --a---- 4 bytes [06:31 26/11/2016] [06:31 26/11/2016] 4352D88A78AA39750BF70CD6F27BCAA5
C:\Users\Low\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T0U23C7F\pan.baidu[1].xml --a---- 13 bytes [16:23 26/02/2016] [16:23 26/02/2016] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Low\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T0U23C7F\tieba.baidu[1].xml --a---- 309 bytes [16:03 29/09/2016] [16:04 29/09/2016] 4B7323C78FCC6380BB135139E77F7D66
C:\Users\Low\AppData\Roaming\BaiduYunKernel\Data\BaiduKernel_20161126142709_286_1.log --a---- 4518 bytes [06:27 26/11/2016] [07:25 26/11/2016] 2A1D42F94730F71A65E80E1EED733387
C:\Users\Low\AppData\Roaming\BaiduYunKernel\Data\BaiduKernel_20161126142711_748_1.log --a---- 208877 bytes [06:27 26/11/2016] [07:25 26/11/2016] 96631460FC219A2B362D3E46211D13E4
C:\Users\Low\AppData\Roaming\Microsoft\Windows\Recent\https--passport.baidu.com-getpass_index.lnk --a---- 198 bytes [06:29 26/11/2016] [06:29 26/11/2016] 7ACE2268018D46113C911621B863F9EE
========== folderfind ==========
Searching for "*Baidu*"
C:\Users\Low\AppData\Local\Baidu d------ [10:48 15/08/2016]
C:\Users\Low\AppData\Local\Baidu\BaiduYunKernel d------ [10:48 15/08/2016]
C:\Users\Low\AppData\Local\Temp\baidu d------ [06:27 26/11/2016]
C:\Users\Low\AppData\Local\Temp\baiduyunguanjia d------ [06:31 26/11/2016]
C:\Users\Low\AppData\Local\Temp\baidu\BaiduYunGuanjia d------ [06:27 26/11/2016]
C:\Users\Low\AppData\Roaming\baidu d------ [11:36 14/07/2016]
C:\Users\Low\AppData\Roaming\BaiduYunGuanjia d------ [11:36 14/07/2016]
C:\Users\Low\AppData\Roaming\BaiduYunKernel d------ [11:36 14/07/2016]
C:\Users\Low\AppData\Roaming\BaiduYunKongMing d------ [11:38 14/07/2016]
C:\Users\Low\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7MCJ26XC\#AppContainer\tieba.baidu.com d------ [11:44 08/11/2016]
C:\Users\Low\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tieba.baidu.com d------ [11:44 08/11/2016]
-= EOF =-

 

 

Here is JRT Log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Low (Administrator) on 01/24/2017 Tue at 19:45:18.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 7
Failed to delete: C:\Program Files (x86)\sogouinput (Folder)
Successfully deleted: C:\ProgramData\thunder network (Folder)
Successfully deleted: C:\Users\Low\Appdata\LocalLow\thunder network (Folder)
Successfully deleted: C:\Users\Low\AppData\Roaming\wyupdate au (Folder)
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\SogouImeMgr (Task)
Successfully deleted: C:\Program Files (x86)\thunder network (Folder)
 
Registry: 5
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SogouUpdate (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68} (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{093F479D-712E-46CD-9E06-62E734A05F68} (Registry Value)
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/24/2017 Tue at 19:46:21.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Hope someone can help me check whether I'm infected or not, and if so guide me on how to remove.

 

Thanks in advance.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,089 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:29 AM

Posted 25 January 2017 - 06:40 AM

Your AdwCleaner scan doesn't show you deleted what it found. Please rerun and be sure to choose Clean when scan is finished.

Post the results.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 friendlyboy

friendlyboy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 25 January 2017 - 04:39 PM

Malwarebytes:
 
Scan Date: 1/26/2017
Scan Time: 12:20 AM
Logfile: 5.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2017.01.25.06
Rootkit Database: v2016.11.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Low
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345330
Time Elapsed: 7 min, 16 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 9
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\CLASSES\CLSID\{004B0726-A010-4abf-8556-FCDB7F1FCA1E}, Quarantined, [c159d0b08b1d55e13757cbbf6d958b75],
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\CLASSES\CLSID\{0119CCC1-8EAC-43E9-AA7D-87F64B44AA4D}, Quarantined, [c159d0b08b1d55e13757cbbf6d958b75],
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\CLASSES\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}, Quarantined, [c159d0b08b1d55e13757cbbf6d958b75],
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\CLASSES\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}\INPROCSERVER32, Quarantined, [c159d0b08b1d55e13757cbbf6d958b75],
PUP.Optional.Xunlei.BHO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}, Quarantined, [c159d0b08b1d55e13757cbbf6d958b75],
PUP.Optional.Xunlei.BHO, HKU\S-1-5-21-2336078062-750557073-4045420661-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}, Quarantined, [c159d0b08b1d55e13757cbbf6d958b75],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\thunder, Quarantined, [9d7dbfc1218785b1349e0c0723e156aa],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\thunder, Quarantined, [2feb96ea4a5ead8909c95cb7b64e7a86],
Trojan.Agent, HKU\S-1-5-21-2336078062-750557073-4045420661-1000_Classes\thunder, Quarantined, [938737495b4d0432efe3fb180ff557a9],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

 

AdwCleaner:

 

 

***** [ Services ] *****
 
***** [ Folders ] *****
 
***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\gamer.qq.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qq.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\gamer.qq.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qq.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\gamer.qq.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qq.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\gamer.qq.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qq.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com

***** [ Web browsers ] *****
 
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3392 Bytes] - [24/01/2017 19:39:02]
C:\AdwCleaner\AdwCleaner[C2].txt - [7286 Bytes] - [26/01/2017 00:16:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [3207 Bytes] - [24/01/2017 19:38:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [7453 Bytes] - [25/01/2017 20:00:15]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [7505 Bytes] ##########

 

ESET OnlineScan:

 

C:\Downloads\sogou_pinyin_74j.exe a variant of Win32/Sogou.A potentially unwanted application cleaned by deleting
C:\Program Files (x86)\SogouInput\7.4.1.4880\upexd.dll a variant of Win32/Sogou.A potentially unwanted application cleaned by deleting
C:\Program Files (x86)\SogouInput\7.4.1.4880\sgrepairbackup\installbak.exe a variant of Win32/Sogou.A potentially unwanted application cleaned by deleting
C:\Program Files (x86)\SogouInput\7.4.1.4880\sgrepairbackup\upexd.dll a variant of Win32/Sogou.A potentially unwanted application cleaned by deleting
 



#4 buddy215

buddy215

  • Moderator
  • 13,089 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:29 AM

Posted 25 January 2017 - 05:00 PM

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 friendlyboy

friendlyboy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 26 January 2017 - 06:12 AM

Startup:

Yes HKCU:Run ctfmon Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe
Yes HKCU:Run WallpaperEngine  "D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
No HKLM:Run Launch LCore Logitech Inc. C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
No HKLM:Run Razer Synapse Razer Inc. "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
Yes HKLM:Run RtHDVBg_DTS Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run WindowsDefender  "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Yes Startup User Rainmeter.lnk Rainmeter C:\Program Files\Rainmeter\Rainmeter.exe
 

Scheduled Tasks:

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Yes Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Yes Task NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
Yes Task SmartDefrag4_Update IObit C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe /autorun
Yes Task {9AC0595B-A3F2-4CFF-A032-39633ADEF3F8} RAIDCALL.COM C:\Program Files (x86)\RC語音\raidcall.exe

 

And I can't seem to paste my whole list of programs installed from the text exported out from CCleaner, if I do paste it into the reply and click submit, it keeps telling me that I does not have permission for that action. Is there anyway around that?


Edited by friendlyboy, 26 January 2017 - 06:19 AM.


#6 buddy215

buddy215

  • Moderator
  • 13,089 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:29 AM

Posted 26 January 2017 - 06:33 AM

Try splitting the list in half and posting in two replies/ posts.

 

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run WallpaperEngine  "D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Yes Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Yes Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Yes Task NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
Yes Task SmartDefrag4_Update IObit C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe /autorun
Yes Task {9AC0595B-A3F2-4CFF-A032-39633ADEF3F8} RAIDCALL.COM C:\Program Files (x86)\RC語音\raidcall.exe


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 friendlyboy

friendlyboy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 26 January 2017 - 10:56 PM

List of programs:

 

.NET Reflector Desktop Red Gate Software Ltd 4/28/2016 9.01 MB 8.5.0.179
3D Builder Microsoft Corporation 12/2/2016  12.0.3131.0
AdBlock BetaFish 1/25/2017  1.9.0.0
Adobe Flash Player 24 NPAPI Adobe Systems Incorporated 1/12/2017 19.4 MB 24.0.0.194
Alarms & Clock Microsoft Corporation 1/25/2017  10.1701.10103.0
Android Studio Google Inc. 8/3/2016  1.0
App connector Microsoft Corporation 8/3/2016  1.3.3.0
App Installer Microsoft Corporation 8/10/2016  1.0.2181.0
Asmedia ASM106x SATA Host Controller Driver Asmedia Technology 1/14/2016 224 KB 2.0.9.0001
Asmedia USB Host Controller Driver Asmedia Technology 1/14/2016 4.95 MB 1.16.24.0
Battle.net Blizzard Entertainment 1/8/2017 601 MB 
Battlefield™ 1 Electronic Arts 1/8/2017 49.8 GB 1.0.47.30570
BattlePing BattlePing 1/15/2016 9.83 MB 1.3.6.9
Beyond Compare 4.1.6 Scooter Software 8/12/2016 44.1 MB 4.1.6.21095
Blade & Soul NCTAIWAN 1/14/2016 714 KB 2.02.0000
Bonjour Apple Inc. 1/14/2016 2.69 MB 2.0.2.0
Bonjour Print Services Apple Inc. 1/14/2016 4.27 MB 2.0.2.0
Broadcom 802.11 Network Adapter Broadcom Corporation 8/3/2016  6.34.223.5
Calculator Microsoft Corporation 1/25/2017  10.1701.10102.0
Call of Duty: Black Ops Treyarch 9/30/2016 8.96 GB 
Camera Microsoft Corporation 12/13/2016  2016.1101.20.0
CCleaner Piriform 11/9/2016 18.4 MB 5.23
DARK SOULS III FromSoftware, Inc. 11/26/2016 18.6 GB 
Dishonored 2 Arkane Studios 1/3/2017 37.8 GB 
EdgeManage Emmet Gray 8/22/2016 4.02 MB 1.6.1.0
Feedback Hub Microsoft Corporation 1/6/2017  1.1611.3471.0
Flashtool Androxyde 9/10/2016  0.9.22.3
Get Office Microsoft Corporation 11/16/2016  17.7608.23501.0
Groove Music Microsoft Corporation 12/17/2016  10.16112.10211.0
Intel® Management Engine Components Intel Corporation 1/14/2016  11.0.0.1163
Intel® Network Connections 20.2.3001.0 Intel 1/14/2016 4.58 MB 20.2.3001.0
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 6/15/2015  4.0.0.36
Java 8 Update 91 Oracle Corporation 4/22/2016 178 MB 8.0.910.14
Java 8 Update 91 (64-bit) Oracle Corporation 4/22/2016 204 MB 8.0.910.14
Java SE Development Kit 8 Update 74 (64-bit) Oracle Corporation 2/27/2016 538 MB 8.0.740.2

 


K-Lite Mega Codec Pack 11.8.5 KLCP 1/15/2016 142 MB 11.8.5
Kaspersky Internet Security Kaspersky Lab 12/6/2016 87.8 MB 17.0.0.611
KH Ultra Trainer KongHack 12/26/2016  0.1.0.76
Logitech Gaming Software 8.79 Logitech Inc. 8/3/2016 190 MB 8.79.73
Mail and Calendar Microsoft Corporation 1/22/2017  17.7812.42257.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 11/18/2016 56.7 MB 2.2.1.1043
Maps Microsoft Corporation 12/14/2016  5.1611.3342.0
Messaging Microsoft Corporation 8/3/2016  3.19.1001.0
Microsoft Robocopy GUI Microsoft 1/16/2016 1.67 MB 1.0.0
Microsoft Solitaire Collection Microsoft Studios 1/18/2017  3.12.12200.0
Microsoft Sticky Notes Microsoft Corporation 1/19/2017  1.4.7.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 1/14/2016 600 KB 8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 1/14/2016 1.11 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 Microsoft Corporation 7/16/2016 1.11 MB 9.0.30729.7523
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9/28/2016 1.34 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 Microsoft Corporation 7/16/2016 724 KB 9.0.30729.7523
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 7/16/2016 1.08 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 7/16/2016 688 KB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 1/7/2017  11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 12/3/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 8/3/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 1/7/2017 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 8/3/2016 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 Microsoft Corporation 10/9/2016 23.5 MB 14.0.24210.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 Microsoft Corporation 10/9/2016 19.5 MB 14.0.24210.0
Microsoft Wi-Fi Microsoft Corporation 8/3/2016  1.1604.4.0
Money Microsoft Corporation 12/16/2016  4.18.37.0
Movies & TV Microsoft Corporation 12/14/2016  10.16112.10221.0
Mozilla Firefox 50.1.0 (x86 en-US) Mozilla 12/15/2016 91.4 MB 50.1.0
Mozilla Maintenance Service Mozilla 12/15/2016 425 KB 50.1.0
Mudfish Cloud VPN v4.4.3 Mudfish Networks 11/26/2016  4.4.3
NC Launcher NCSOFT 1/14/2017 355 MB 
Neffy 1,2,5,0 CDNetworks 8/3/2016  1,2,5,0
Notepad++ (32-bit x86) Notepad++ Team 12/7/2016 6.76 MB 7.2.2
NVIDIA 3D Vision Driver 376.09 NVIDIA Corporation 12/3/2016 32.8 MB 376.09
NVIDIA Graphics Driver 376.09 NVIDIA Corporation 12/3/2016 592 MB 376.09
NVIDIA HD Audio Driver 1.3.34.17 NVIDIA Corporation 12/3/2016 8.68 MB 1.3.34.17
NVIDIA PhysX System Software 9.16.0318 NVIDIA Corporation 5/24/2016 406 MB 9.16.0318
OneNote Microsoft Corporation 1/14/2017  17.7766.57671.0
Origin Electronic Arts, Inc. 1/14/2017 374 MB 10.3.5.6379
Overwatch Blizzard Entertainment 1/8/2017 20.8 GB 
Paid Wi-Fi & Cellular Microsoft Corporation 9/16/2016  1.1607.6.0
People Microsoft Corporation 12/8/2016  10.1.3160.0
Phone Microsoft Corporation 8/3/2016  2.17.27003.0
Phone Companion Microsoft Corporation 9/29/2016  10.1609.2561.0
Photos Microsoft Corporation 11/23/2016  16.1118.10000.0
Quantum Break Remedy Entertainment 10/26/2016 69.0 GB 
Rainmeter  1/2/2017  4.0 r2746
Razer Synapse Razer Inc. 5/1/2016 18.0 MB 1.18.21.28549
RC語音 raidcall.com.tw 8/3/2016  8.1.8-1.0.3082.121
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 8/4/2016 40.6 MB 6.0.1.7524
Shadow Warrior 2 Flying Wild Hog 1/14/2017 14.3 GB 
Skype Preview Skype 1/23/2017  11.10.152.0
Skype™ 7.28 Skype Technologies S.A. 9/30/2016 160 MB 7.28.101
Smart Defrag 4 IObit 1/15/2016 30.5 MB 4.3
Sony PC Companion 2.10.303 Sony 3/10/2016 43.3 MB 2.10.303
Sports Microsoft Corporation 12/16/2016  4.18.37.0
Steam Valve Corporation 8/3/2016  2.10.91.91
Store Microsoft Corporation 1/23/2017  11610.1001.25.0
Store Purchase App Microsoft Corporation 9/28/2016  11608.1000.2431.0
Sway Microsoft Corporation 1/20/2017  17.7766.45161.0
TeamViewer 12 TeamViewer 1/14/2017 85.6 MB 12.0.72365
TechPowerUp GPU-Z TechPowerUp 8/3/2016  
Tips Microsoft Corporation 1/25/2017  4.4.11.0
Tom Clancy's Splinter Cell: Conviction Ubisoft Montreal 10/31/2016 7.15 GB 
Tunngle Tunngle.net GmbH 10/26/2016 22.0 MB 5.8.7
Twitter Twitter Inc. 12/7/2016  5.4.1.0
Unity Web Player Unity Technologies ApS 8/3/2016 12.0 MB 5.3.4f1
Uplay Ubisoft 1/14/2017 180 MB 24.0
VLC media player VideoLAN 8/3/2016 121 MB 2.2.4
Voice Recorder Microsoft Corporation 12/13/2016  10.1612.3352.0
Vulkan Run Time Libraries 1.0.26.0 LunarG, Inc. 12/3/2016 1.66 MB 1.0.26.0
Wallpaper Engine Kristjan Skutta 1/14/2017 370 MB 
Warframe Digital Extremes 1/15/2017 22.5 GB 
WD Discovery Western Digital Technologies, Inc. 1/14/2016 9.65 MB 102.0.1.10
WD My Cloud Western Digital Technologies, Inc. 1/15/2016 77.3 MB 1.0.7.5
Weather Microsoft Corporation 12/16/2016  4.18.37.0
WestwoodOnline WestwoodOnline 11/9/2016 1.00 MB 1.0.0.0
WIDCOMM Bluetooth Software Broadcom Corporation 1/14/2016 268 MB 6.5.1.6680
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) Google, Inc. 9/10/2016  08/28/2014 11.0.0000.00000
Windows DVD Player Microsoft Corporation 8/3/2016  3.6.13291.0
WinRAR 5.31 beta 1 (64-bit) win.rar GmbH 8/3/2016 5.08 MB 5.31.1
WPTx64 Microsoft 8/4/2016 32.5 MB 8.59.25584
Xbox Microsoft Corporation 12/22/2016  24.24.20004.0
Xbox 360 SmartGlass Microsoft Corporation 8/3/2016  1.4.3.0
Xbox Accessories Microsoft Corporation 11/5/2016  100.1611.3004.0
Xbox Identity Provider Microsoft Corporation 8/3/2016  11.19.19003.0



#8 buddy215

buddy215

  • Moderator
  • 13,089 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:29 AM

Posted 27 January 2017 - 06:43 AM

Install this adblocker....Adblock Plus - Chrome Web Store    Adblock Plus :: Add-ons for Firefox

After install...click on ABP icon at the top of your browser and choose Filter Preferences. UNcheck the box next to Allow some non-intrusive advertisements.

 

Uninstall these programs:

AdBlock BetaFish 1/25/2017  1.9.0.0

Java 8 Update 91 Oracle Corporation 4/22/2016 178 MB 8.0.910.14
Java 8 Update 91 (64-bit) Oracle Corporation 4/22/2016 204 MB 8.0.910.14
Java SE Development Kit 8 Update 74 (64-bit) Oracle Corporation 2/27/2016 538 MB 8.0.740.2

Smart Defrag 4 IObit 1/15/2016 30.5 MB 4.3

 

Most users don't need Java. If you install the newer version be sure to download from Download Free Java Software

Watch for unwanted programs during installation. Be sure to uncheck those.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 friendlyboy

friendlyboy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:29 PM

Posted 28 January 2017 - 12:54 PM

Sure. Thanks for the guide and advice. I'll becareful from here on out.



#10 buddy215

buddy215

  • Moderator
  • 13,089 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:29 AM

Posted 28 January 2017 - 03:36 PM

You're welcome...happy surfin'


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users