PCKeeper found (AdwCleaner)


21 replies to this topic

#1 hdriscoll

hdriscoll

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:44 AM

Posted 31 January 2017 - 04:32 PM

I'm not getting any redirects or any other type of "virus" activity. My PC runs just fine. I do, however, find a couple things when I run a scan with AdwCleaner. I'll delete them and they'll be gone for a little while, then return.

 

 

 




 


#2 buddy215

buddy215

  • Moderator
  • 13,502 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:44 AM

Posted 31 January 2017 - 06:33 PM

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout H
  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

 

Download Sophos Virus Removal Tool and save it to your computer's Desktop. This may take an hour or 2. Do it when you will not need the computer.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.

Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
Windows XP:
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.

After you have completed the above scans and posted the results...rerun AdwCleaner using the instructions below and post the results.

 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 


Edited by buddy215, 31 January 2017 - 06:36 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 hdriscoll


Posted 31 January 2017 - 07:51 PM

Results are below:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by Harry (Administrator) on Tue 01/31/2017 at 19:10:10.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 17

Successfully deleted: C:\Users\Harry\Documents\add-in express (Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\101EF49R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2F1L4MBH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54ZC4TPK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2A5AY8A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DA0KZD3K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA0V3MMS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGDZ2S1I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU2TNT8R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\101EF49R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2F1L4MBH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54ZC4TPK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2A5AY8A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DA0KZD3K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA0V3MMS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGDZ2S1I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU2TNT8R (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/31/2017 at 19:11:20.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

No threats were found using the Sophos Virus Removal tool.

 

# AdwCleaner v6.043 - Logfile created 31/01/2017 at 20:31:13
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-31.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Harry - ONE
# Running from : C:\Users\Harry\Documents\Tools\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software

***** [ Web browsers ] *****

[-] [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1455 Bytes] - [30/12/2016 08:52:54]
C:\AdwCleaner\AdwCleaner[C2].txt - [1446 Bytes] - [25/01/2017 04:36:31]
C:\AdwCleaner\AdwCleaner[C3].txt - [2038 Bytes] - [29/01/2017 19:05:51]
C:\AdwCleaner\AdwCleaner[C4].txt - [1655 Bytes] - [31/01/2017 20:31:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [1496 Bytes] - [30/12/2016 08:52:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [1642 Bytes] - [07/01/2017 20:10:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1545 Bytes] - [25/01/2017 04:35:42]
C:\AdwCleaner\AdwCleaner[S3].txt - [2059 Bytes] - [29/01/2017 19:04:43]
C:\AdwCleaner\AdwCleaner[S4].txt - [2201 Bytes] - [31/01/2017 16:24:07]
C:\AdwCleaner\AdwCleaner[S5].txt - [2274 Bytes] - [31/01/2017 20:31:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2166 Bytes] ##########


Edited by hdriscoll, 31 January 2017 - 08:34 PM.


#4 hdriscoll


Posted 01 February 2017 - 05:16 AM

I ran AdwCleaner again this morning and PCKeeper is gone. I do still have two results listed under Chrome. If you look under [Web browsers] in my post above, you'll see what I'm talking about.

 

I've read somewhere that these have to do with Skype. Can someone confirm this?



#5 buddy215


Posted 01 February 2017 - 06:31 AM

What, if anything, did MBAM find?

 

The only mention of Chrome was this:

[-] [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

 

If your scan using AdwCleaner this morning was different....please post its log.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#6 hdriscoll


Posted 01 February 2017 - 11:43 AM

Malwarebytes found nothing.

 

The two items from Chrome continually reappear.

 

I'll do the rest of what was asked when I get home from work.


Edited by hdriscoll, 01 February 2017 - 11:44 AM.


#7 hdriscoll


Posted 01 February 2017 - 05:16 PM

ADWCleaner log:

 

# AdwCleaner v6.043 - Logfile created 01/02/2017 at 05:06:23
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-31.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Harry - ONE
# Running from : C:\Users\Harry\Documents\Tools\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1455 Bytes] - [30/12/2016 08:52:54]
C:\AdwCleaner\AdwCleaner[C2].txt - [1446 Bytes] - [25/01/2017 04:36:31]
C:\AdwCleaner\AdwCleaner[C3].txt - [2038 Bytes] - [29/01/2017 19:05:51]
C:\AdwCleaner\AdwCleaner[C4].txt - [2253 Bytes] - [31/01/2017 20:31:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [1496 Bytes] - [30/12/2016 08:52:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [1642 Bytes] - [07/01/2017 20:10:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1545 Bytes] - [25/01/2017 04:35:42]
C:\AdwCleaner\AdwCleaner[S3].txt - [2059 Bytes] - [29/01/2017 19:04:43]
C:\AdwCleaner\AdwCleaner[S4].txt - [2201 Bytes] - [31/01/2017 16:24:07]
C:\AdwCleaner\AdwCleaner[S5].txt - [2274 Bytes] - [31/01/2017 20:31:04]
C:\AdwCleaner\AdwCleaner[S6].txt - [1899 Bytes] - [01/02/2017 05:06:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1972 Bytes] ##########

 

Three lists from CCleaner:

 

Yes HKCU:Run AnyDVD SlySoft, Inc. C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
Yes HKCU:Run DDAssist Drobo, Inc. C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
Yes HKCU:Run DisplayFusion Binary Fortress Software "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Steam Valve Corporation "D:\Games\steam.exe" -silent
Yes HKCU:Run Xvid  powershell.exe -nologo -WindowStyle hidden -Noninteractive -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Xvid\CheckUpdate.ps1"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes Startup Common Install LastPass IE RunOnce.lnk LastPass C:\Program Files (x86)\Common Files\lpuninstall.exe
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

 

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe -check pepperplugin
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-ONE-Harry Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HWiNFO  "C:\Program Files\HWiNFO64\HWiNFO64.EXE"
Yes Task Installation App Launcher  "C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe"
No Task SamsungMagician Samsung Electronics. "C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe" /AUTOHIDE
Yes Task SUPERAntiSpyware Scheduled Task 0ea566e8-cdba-4436-bffc-ac4cd16bdd94 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:0ea566e8-cdba-4436-bffc-ac4cd16bdd94
Yes Task SUPERAntiSpyware Scheduled Task 5f05af96-4f21-4d57-a2bc-e940a25548f7 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:5f05af96-4f21-4d57-a2bc-e940a25548f7
Yes Task {014604C7-5839-4BB0-815B-F7EB36B7107A}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {044D4D55-56FA-4617-93FD-5864FF74BF0E}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe
Yes Task {3737868A-4CE2-41AE-ABFA-6A08C3DD6AD5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Harry\Documents\Virtual Machine\VirtualBox-5.1.2-108956-Win.exe" -d "C:\Users\Harry\Documents\Virtual Machine"
Yes Task {57E58CA0-819A-449F-A571-2C1B82F3D08D}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe
Yes Task {69CE23EB-EA05-4F24-BC9C-BF3DEA14566B}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {70F23D5C-17F6-4C87-B09C-4F789F15524D}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {889B9A17-0EF4-4D24-9274-5564C3871CA5}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {9662228D-453A-48D7-AA8C-F0E20941A3DF} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\NovaLogic\Tachyon\Uninst.isu"
Yes Task {BF3D8947-5FFF-4535-9974-FB9B4847F202}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe
Yes Task {C1F00F22-F56A-4A98-B65A-005D7AEFD441}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe
Yes Task {FADA6796-C84C-4045-9872-F9013FF39E9B}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {FCB6AAFB-7205-4291-B679-3827BACA8149}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe

 

Yes Directory 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes Directory Add to VLC media player's Playlist VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Yes Directory Play with VLC media player VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Yes Drive VMDiskMenuHandler VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll
Yes Drive VMDiskMenuHandler64 VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll
Yes File 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes File MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes Folder 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes Folder MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll

 

install from CCleaner:

 

7-Zip 16.02 (x64) Igor Pavlov 7/15/2016 4.75 MB 16.02
Adobe Acrobat Reader DC Adobe Systems Incorporated 1/20/2017 209 MB 15.023.20056
Adobe Flash Player 24 ActiveX Adobe Systems Incorporated 1/29/2017 18.9 MB 24.0.0.194
Adobe Flash Player 24 PPAPI Adobe Systems Incorporated 1/29/2017 19.6 MB 24.0.0.194
Adobe Photoshop Elements 14 Adobe Systems Incorporated 2/10/2016 2.89 GB 14.1
Adobe Premiere Elements 14 Adobe Systems Incorporated 2/10/2016 3.61 GB 14.1
Any Video Converter 6.0.8 Anvsoft 1/29/2017  6.0.8
AnyDVD SlySoft 1/10/2016  7.6.7.0
Application Insights Tools for Visual Studio 2015 Microsoft Corporation 1/9/2017 5.95 MB 7.0.20622.1
CCleaner Piriform 1/29/2017  5.26
Corsair Link 4 Corsair Components, Inc. 1/5/2017 71.1 MB 4.3.0.154
Corsair Link™ USB Dongle (Driver Removal) Corsair Memory, Inc. 1/5/2017  
CPUID CPU-Z 1.78  1/1/2017 3.85 MB 
CryptoPrevent Foolish IT LLC 3/20/2016 9.51 MB 
Deus Ex: Human Revolution Eidos Montreal 12/12/2016  
DisplayFusion 8.1.2 Binary Fortress Software 12/24/2016 62.2 MB 8.1.2.0
Drobo Dashboard Drobo 12/30/2016 103 MB 2.8.5
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 Microsoft Corporation 1/9/2017 143 MB 14.0.41103.0
EVGA E-LEET Tuning Utility X EVGA Corporation 1/3/2017 14.5 MB 0.9.4
Extended Asian Language font pack for Adobe Acrobat Reader DC Adobe Systems Incorporated 1/13/2016 95.6 MB 15.007.20033
ffdshow x64 v1.3.4531 [2014-06-28]  1/6/2016 14.8 MB 1.3.4531.0
GIMP 2.8.16 The GIMP Team 2/10/2016 283 MB 2.8.16
Google Chrome Google Inc. 1/11/2016  55.0.2883.87
HandBrake 0.10.5  7/14/2016  0.10.5
Heaven Benchmark version 4.0 Unigine Corp. 12/18/2016 274 MB 4.0
Homeworld Remastered Collection Gearbox Software 12/12/2016  
IIS 10.0 Express Microsoft Corporation 1/9/2017 36.1 MB 10.0.1736
IIS Express Application Compatibility Database for x64  1/9/2017  
IIS Express Application Compatibility Database for x86  1/9/2017  
ImgBurn LIGHTNING UK! 12/18/2016  2.5.8.0
Intel® Network Connections 19.0.27.0 Intel 1/2/2016 27.1 MB 19.0.27.0
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 6/26/2014  3.0.0.34
LastPass (uninstall only) LastPass 1/29/2017  
LOOT version 0.10.2 LOOT Team 12/12/2016 106 MB 0.10.2
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 1/29/2017 66.8 MB 2.2.1.1043
Microsoft .NET Framework 4.5 Multi-Targeting Pack Microsoft Corporation 1/9/2017 41.8 MB 4.5.50710
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack Microsoft Corporation 1/9/2017 49.3 MB 4.5.50932
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) Microsoft Corporation 1/9/2017 74.5 MB 4.5.50932
Microsoft .NET Framework 4.5.1 SDK Microsoft Corporation 1/9/2017 19.4 MB 4.5.51641
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack Microsoft Corporation 1/9/2017 49.4 MB 4.5.51651
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) Microsoft Corporation 1/9/2017 74.4 MB 4.5.51209
Microsoft .NET Framework 4.6 SDK Microsoft Corporation 1/9/2017 20.0 MB 4.6.00081
Microsoft .NET Framework 4.6 Targeting Pack Microsoft Corporation 1/9/2017 40.3 MB 4.6.00081
Microsoft .NET Framework 4.6 Targeting Pack (ENU) Microsoft Corporation 1/9/2017 69.6 MB 4.6.00127
Microsoft .NET Framework 4.6.1 Microsoft Corporation 1/15/2016 38.8 MB 4.6.01055
Microsoft .NET Framework 4.6.1 SDK Microsoft Corporation 1/15/2016 20.0 MB 4.6.01055
Microsoft .NET Framework 4.6.1 Targeting Pack Microsoft Corporation 1/15/2016 40.4 MB 4.6.01055
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) Microsoft Corporation 1/15/2016 69.6 MB 4.6.01055
Microsoft .NET Version Manager (x64) 1.0.0-beta5 Microsoft Corporation 1/9/2017 68.0 KB 1.0.10609.0
Microsoft Help Viewer 2.2 Microsoft Corporation 1/9/2017 12.1 MB 2.2.25420
Microsoft Office Home and Business 2013 - en-us Microsoft Corporation 1/20/2017  15.0.4893.1002
Microsoft OneDrive Microsoft Corporation 1/28/2016 37.6 MB 17.3.6281.1202
Microsoft Security Essentials Microsoft Corporation 11/30/2016  4.10.209.0
Microsoft Silverlight Microsoft Corporation 10/12/2016 249 MB 5.1.50901.0
Microsoft SQL Server 2012 Command Line Utilities  Microsoft Corporation 1/9/2017 876 KB 11.0.2100.60
Microsoft SQL Server 2012 Native Client  Microsoft Corporation 1/9/2017 7.19 MB 11.0.2100.60
Microsoft SQL Server 2014 Management Objects  Microsoft Corporation 1/9/2017 24.7 MB 12.0.2000.8
Microsoft SQL Server 2014 Management Objects  (x64) Microsoft Corporation 1/9/2017 17.4 MB 12.0.2000.8
Microsoft SQL Server 2014 T-SQL Language Service  Microsoft Corporation 1/9/2017 6.65 MB 12.0.2000.8
Microsoft SQL Server 2014 Transact-SQL ScriptDom  Microsoft Corporation 1/9/2017 6.17 MB 12.0.2000.8
Microsoft SQL Server 2016 LocalDB  Microsoft Corporation 1/9/2017 231 MB 13.0.1601.5
Microsoft SQL Server 2016 Management Objects  Microsoft Corporation 1/9/2017 25.1 MB 13.0.1601.5
Microsoft SQL Server 2016 Management Objects  (x64) Microsoft Corporation 1/9/2017 16.4 MB 13.0.1601.5
Microsoft SQL Server 2016 T-SQL Language Service  Microsoft Corporation 1/9/2017 3.53 MB 13.0.14500.10
Microsoft SQL Server 2016 T-SQL ScriptDom  Microsoft Corporation 1/9/2017 3.66 MB 13.0.1601.5
Microsoft SQL Server Compact 4.0 SP1 x64 ENU Microsoft Corporation 1/15/2016 22.4 MB 4.0.8876.1
Microsoft SQL Server Data Tools - enu (14.0.60519.0) Microsoft Corporation 1/9/2017 44.4 MB 14.0.60519.0
Microsoft System CLR Types for SQL Server 2014 Microsoft Corporation 1/9/2017 5.69 MB 12.0.2402.29
Microsoft System CLR Types for SQL Server 2016 Microsoft Corporation 1/9/2017 6.08 MB 13.0.1601.5
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2/9/2016 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2/9/2016 572 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 1/31/2016 786 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 1/31/2016 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2/11/2016 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 1/31/2016 230 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 1/3/2016 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 11/22/2016 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 11/22/2016 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 1/9/2017  11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2/23/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 1/9/2017  11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2/23/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 1/9/2017 20.5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 1/3/2017 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 1/9/2017 17.1 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 1/3/2017 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 Microsoft Corporation 1/9/2017 25.4 MB 14.0.24215.1
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation 1/9/2017 21.5 MB 14.0.24215.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 11/22/2016  10.0.50903
Microsoft Visual Studio Community 2015 with Updates Microsoft Corporation 1/9/2017 6.05 GB 14.0.25420.1
Microsoft Web Deploy 3.6 Microsoft Corporation 1/9/2017 6.26 MB 3.1238.1962
MSI Afterburner 4.3.0 MSI Co., LTD 1/4/2017  4.3.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 2/19/2016 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 2/19/2016 1.33 MB 4.20.9876.0
Nexus Mod Manager Black Tree Gaming 12/12/2016 23.9 MB 0.63.9
nGlide 1.05 Zeus Software 10/9/2016 7.30 MB 1.05
NVIDIA Graphics Driver 378.49 NVIDIA Corporation 1/26/2017  378.49
NVIDIA PhysX System Software 9.16.0318 NVIDIA Corporation 7/17/2016  9.16.0318
OpenAL  7/31/2016  
OpenRL Runtime 1.3.1000.14 x64 Caustic Graphics, Inc. 2/23/2016 12.0 MB 1.3.1000.14
Oracle VM VirtualBox 5.1.12 Oracle Corporation 12/21/2016 169 MB 5.1.12
PerformanceTest v9.0 Passmark Software 1/8/2017 233 MB 9.0.1007.0
Prerequisites for SSDT  Microsoft Corporation 1/9/2017 7.44 MB 12.0.2000.8
RAD Video Tools  11/5/2016  
RivaTuner Statistics Server 6.5.0 Unwinder 1/2/2017  6.5.0
S.T.A.L.K.E.R.: Call of Pripyat GSC Game World 1/22/2017  
S.T.A.L.K.E.R.: Clear Sky GSC Game World 1/22/2017  
S.T.A.L.K.E.R.: Shadow of Chernobyl GSC Game World 1/22/2017  
Samsung Magician Samsung Electronics 3/7/2016 60.9 MB 4.9.5
Skype™ 7.3 Skype Technologies S.A. 7/31/2016 49.2 MB 7.3.101
Skyrim Creation Kit bgs.bethsoft.com 12/12/2016  
Sophos Virus Removal Tool Sophos Limited 1/31/2017 162 MB 2.5.6
Speccy Piriform 12/30/2016  1.30
Steam Valve Corporation 12/12/2016  2.10.91.91
SUPERAntiSpyware SUPERAntiSpyware.com 1/29/2017 69.9 MB 6.0.1230
System Shock 2 Irrational Games 12/12/2016  
Tachyon: The Fringe NovaLogic 12/12/2016  
The Elder Scrolls V: Skyrim Bethesda Game Studios 12/12/2016  
VLC media player VideoLAN 6/16/2016  2.2.4
VMware Player VMware, Inc. 12/23/2016 232 MB 12.5.1
Vulkan Run Time Libraries 1.0.37.0 LunarG, Inc. 1/26/2017 1.66 MB 1.0.37.0
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (10/30/2015 3.6) Corsair Components, Inc. 1/5/2017  10/30/2015 3.6
Windows XP Mode Microsoft Corporation 12/17/2016 1.13 GB 1.3.7600.16423
WinPcap 4.1.3 Riverbed Technology, Inc. 4/27/2016  4.1.0.2980
Wrye Bash Wrye & Wrye Bash Development Team 12/12/2016  0.3.0.6
X3: Albion Prelude Egosoft 12/12/2016  
X3: Terran Conflict Egosoft 12/12/2016  
Xvid Video Codec Xvid Team 1/6/2016 9.22 MB 1.3.4
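
Added example, not part of any post in this thread: a small Python parser for the AdwCleaner log format shown in posts #3 and #7 that reports which items a Clean run removed and a later run found again. The two sample logs are abridged from those posts; the function names are hypothetical.

```python
import re
from datetime import datetime

# Abridged from the Clean log in post #3 of this thread.
CLEAN_LOG = r"""
# AdwCleaner v6.043 - Logfile created 31/01/2017 at 20:31:13
# Mode: Clean

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software

***** [ Web browsers ] *****

[-] [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

*************************

:: "Tracing" keys deleted
"""

# Abridged from the Scan log in post #7 of this thread.
SCAN_LOG = r"""
# AdwCleaner v6.043 - Logfile created 01/02/2017 at 05:06:23
# Mode: Scan

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
CREATED_RE = re.compile(r"Logfile created (\d{2}/\d{2}/\d{4} at \d{2}:\d{2}:\d{2})")
MODE_RE = re.compile(r"^# Mode\s*:\s*(\w+)")
# Matches "File Found:  <item>", "Key deleted: <item>", "... Deleted: <item>".
FINDING_RE = re.compile(r"(Found|[Dd]eleted(?: on reboot)?):\s*(.+)$")


def normalise(item):
    """Reduce a finding to a key that compares equal across Scan and Clean logs."""
    item = re.sub(r"^\[x64\]\s*", "", item.strip())   # drop the registry-view tag
    item = re.sub(r"^\[[^\]]*\]\s*-\s*", "", item)    # drop "[profile file] - "
    return item.lower()                               # Windows names ignore case


def parse_log(text):
    """Parse one AdwCleaner log into its timestamp, mode and per-section findings."""
    log = {"created": None, "mode": None, "found": set(), "deleted": set()}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                      # header and EOF lines
            m = CREATED_RE.search(line)
            if m:                                     # dates are DD/MM/YYYY
                log["created"] = datetime.strptime(m.group(1), "%d/%m/%Y at %H:%M:%S")
            m = MODE_RE.match(line)
            if m:
                log["mode"] = m.group(1)
            continue
        if set(line) == {"*"}:                        # bare separator ends the sections
            section = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.search(line)
        if m and section:
            kind = "found" if m.group(1) == "Found" else "deleted"
            log[kind].add((section, normalise(m.group(2))))
    return log


def recurring_after_clean(logs):
    """Map every item a Clean run removed to 'recurring' or 'not seen again'."""
    ordered = sorted(logs, key=lambda l: l["created"])
    status = {}
    for i, log in enumerate(ordered):
        later = set().union(*(l["found"] | l["deleted"] for l in ordered[i + 1:]))
        for key in log["deleted"]:
            if status.get(key) != "recurring":        # once recurring, stays recurring
                status[key] = "recurring" if key in later else "not seen again"
    return status


if __name__ == "__main__":
    for key, state in sorted(recurring_after_clean(
            [parse_log(CLEAN_LOG), parse_log(SCAN_LOG)]).items()):
        print(f"{state:15} {key[0]:13} {key[1]}")
```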

 

 



#8 hdriscoll


Posted 01 February 2017 - 05:27 PM

Just ran AdwCleaner again. It found NTUSER.POL which I haven't seen before.

 

# AdwCleaner v6.043 - Logfile created 01/02/2017 at 17:25:13
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-01.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Harry - ONE
# Running from : C:\Users\Harry\Documents\Tools\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

File Found:  C:\ProgramData\NTUSER.POL

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1455 Bytes] - [30/12/2016 08:52:54]
C:\AdwCleaner\AdwCleaner[C2].txt - [1446 Bytes] - [25/01/2017 04:36:31]
C:\AdwCleaner\AdwCleaner[C3].txt - [2038 Bytes] - [29/01/2017 19:05:51]
C:\AdwCleaner\AdwCleaner[C4].txt - [2253 Bytes] - [31/01/2017 20:31:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [1496 Bytes] - [30/12/2016 08:52:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [1642 Bytes] - [07/01/2017 20:10:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1545 Bytes] - [25/01/2017 04:35:42]
C:\AdwCleaner\AdwCleaner[S3].txt - [2059 Bytes] - [29/01/2017 19:04:43]
C:\AdwCleaner\AdwCleaner[S4].txt - [2201 Bytes] - [31/01/2017 16:24:07]
C:\AdwCleaner\AdwCleaner[S5].txt - [2274 Bytes] - [31/01/2017 20:31:04]
C:\AdwCleaner\AdwCleaner[S6].txt - [2051 Bytes] - [01/02/2017 05:06:23]
C:\AdwCleaner\AdwCleaner[S7].txt - [2138 Bytes] - [01/02/2017 17:10:33]
C:\AdwCleaner\AdwCleaner[S8].txt - [2058 Bytes] - [01/02/2017 17:25:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2131 Bytes] ##########



#9 buddy215


Posted 01 February 2017 - 06:41 PM

While I go through the lists and offer suggestions....please rerun AdwCleaner and be sure to choose Clean when the scan is finished.

After doing that, remove AdwCleaner from the computer by opening and choosing Uninstall.


Edited by buddy215, 01 February 2017 - 06:41 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 buddy215


Posted 01 February 2017 - 07:17 PM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run AnyDVD SlySoft, Inc. C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Steam Valve Corporation "D:\Games\steam.exe" -silent
Yes HKCU:Run Xvid  powershell.exe -nologo -WindowStyle hidden -Noninteractive -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Xvid\CheckUpdate.ps1"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-ONE-Harry Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HWiNFO  "C:\Program Files\HWiNFO64\HWiNFO64.EXE"
Yes Task Installation App Launcher  "C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe"

Yes Task SUPERAntiSpyware Scheduled Task 0ea566e8-cdba-4436-bffc-ac4cd16bdd94 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:0ea566e8-cdba-4436-bffc-ac4cd16bdd94
Yes Task SUPERAntiSpyware Scheduled Task 5f05af96-4f21-4d57-a2bc-e940a25548f7 SUPERAdBlocker.com C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:5f05af96-4f21-4d57-a2bc-e940a25548f7

Yes Task {014604C7-5839-4BB0-815B-F7EB36B7107A}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {044D4D55-56FA-4617-93FD-5864FF74BF0E}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe
Yes Task {3737868A-4CE2-41AE-ABFA-6A08C3DD6AD5} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Harry\Documents\Virtual Machine\VirtualBox-5.1.2-108956-Win.exe" -d "C:\Users\Harry\Documents\Virtual Machine"
Yes Task {57E58CA0-819A-449F-A571-2C1B82F3D08D}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe
Yes Task {69CE23EB-EA05-4F24-BC9C-BF3DEA14566B}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {70F23D5C-17F6-4C87-B09C-4F789F15524D}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {889B9A17-0EF4-4D24-9274-5564C3871CA5}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {9662228D-453A-48D7-AA8C-F0E20941A3DF} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\NovaLogic\Tachyon\Uninst.isu"
Yes Task {BF3D8947-5FFF-4535-9974-FB9B4847F202}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe
Yes Task {C1F00F22-F56A-4A98-B65A-005D7AEFD441}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe
Yes Task {FADA6796-C84C-4045-9872-F9013FF39E9B}  C:\Program Files (x86)\NovaLogic\Tachyon\Tachyon.exe
Yes Task {FCB6AAFB-7205-4291-B679-3827BACA8149}  C:\Program Files (x86)\NovaLogic\Tachyon\space.exe

 

What is this list from? If you can....Disable the 7-Zip items

Yes Directory 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes Directory Add to VLC media player's Playlist VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Yes Directory Play with VLC media player VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Yes Drive VMDiskMenuHandler VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll
Yes Drive VMDiskMenuHandler64 VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll
Yes File 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes File MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes Folder 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes Folder MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll

 

Uninstall these programs:

Sophos Virus Removal Tool Sophos Limited 1/31/2017 162 MB 2.5.6

SUPERAntiSpyware SUPERAntiSpyware.com 1/29/2017 69.9 MB 6.0.1230 (No longer favored by security pros for a few years)



#11 hdriscoll


Posted 02 February 2017 - 04:45 AM

What is this list from? If you can....Disable the 7-Zip items

Yes Directory 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes Directory Add to VLC media player's Playlist VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Yes Directory Play with VLC media player VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Yes Drive VMDiskMenuHandler VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll
Yes Drive VMDiskMenuHandler64 VMware, Inc. C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll
Yes File 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes File MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes Folder 7-Zip Igor Pavlov C:\Program Files\7-Zip\7-zip.dll
Yes Folder MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll

 

That's .txt from CCleaner, Tools, Startup, Context Menu


Edited by hdriscoll, 02 February 2017 - 04:47 AM.


#12 hdriscoll


Posted 02 February 2017 - 05:04 AM

Everything is done.


Edited by hdriscoll, 02 February 2017 - 05:07 AM.


#13 buddy215


Posted 02 February 2017 - 07:12 AM

Okay...

 

If you don't have an ad blocker installed....I suggest you install Adblock Plus in both Firefox and Chrome. Once you have installed it, click on the ABP icon at the top of the browsers and choose Filter Preferences. UNcheck the box next to Allow some non-intrusive advertisements.

Adblock Plus :: Add-ons for Firefox     Adblock Plus - Chrome Web Store



#14 hdriscoll


Posted 02 February 2017 - 01:42 PM

Installed ADBlock for Chrome. I don't use Firefox. Is there a similar thing for IE?



#15 buddy215


Posted 02 February 2017 - 02:04 PM

Yes there is....Adblock Plus and (a little) more: Adblock Plus 1.4 for IE released

 

You may have your old Firefox profile still on that computer. Do a search for Mozilla. If nothing found...do a search for Firefox.

Delete what the search finds. Desktop > Start > enter search terms in the search box.





