
Suspicion of infected system


8 replies to this topic

#1 shley


Posted 13 October 2017 - 08:24 PM

Hello,

 

Using a Win 10 x64 laptop.  Upon fresh startup, once at the desktop, I see two CMD or DOS windows appear layered with one another very quickly and then they disappear.  I received the unit back from HP repair not that long ago, but I think this issue started within the last month.  I was wondering if this may be related to any security patches from MS?  I have run A/V with no results.  I do have CCleaner but I only use it for standard cleaning, not anything registry-related.  I also noticed my A/V starts up a little later than usual, like it has a delay, which it is not supposed to have.

 

I'm at a loss at what is going on.  

 

The unit runs smoothly but it has very good resources, too.  I would like to work with someone here to run a few tests to double check and also identify what these DOS windows are running at startup.

 

Any help is appreciated.

 

'Shley




 


#2 buddy215


Posted 14 October 2017 - 07:30 AM

You can use CCleaner to check what is in Windows Startups and Scheduled Tasks. If you would like me to review those items, then post them per the instructions below.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 shley


Posted 14 October 2017 - 09:55 AM

Here are the three .txt files, for review.

 

Startup:
 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd HP "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run GoogleDriveSync Google Inc HP "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
Yes HKCU:Run OneDrive Microsoft Corporation HP "C:\Users\HP\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run AccelerometerSysTrayApplet Hewlett-Packard Company All users C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
No HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. All users "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated All users "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run DeliveryAndStatusCheck HP All users C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs
Yes HKLM:Run HP Software Update Hewlett-Packard All users C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run HPMessageService HP Inc. All users C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
Yes HKLM:Run HPRadioMgr HP All users C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
Yes HKLM:Run Intel® WiDi Receiver Updater All users C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe
Yes HKLM:Run NvBackend NVIDIA Corporation All users "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run PowerDVD14Agent CyberLink Corp. All users "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor All users "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run SecurityHealth Microsoft Corporation All users %ProgramFiles%\Windows Defender\MSASCuiL.exe
Yes HKLM:Run ShadowPlay Microsoft Corporation All users C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation All users "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. All users C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
 
Startup Tasks:
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated All users C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated HP C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_159_pepper.exe -check pepperplugin
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated All users C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd HP "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForHP Hewlett-Packard HP C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForHP (null)
Yes Task IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec Intel Corporation All users "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic
Yes Task IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon Intel Corporation All users "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 All users C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic
Yes Task OneDrive Standalone Update Task-S-1-5-21-2509234735-659917185-2427906915-1001 Microsoft Corporation HP %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
 
Install:
3D Builder Microsoft Corporation 8/29/2017 14.1.1302.0 All users
Adobe Acrobat XI Pro Adobe Systems 8/26/2017 2.06 GB 11.0.22 All users
Adobe Flash Player 27 PPAPI Adobe Systems Incorporated 10/10/2017 5.23 MB 27.0.0.159 All users
Adobe PDF iFilter 11 for 64-bit platforms Adobe 8/26/2017 66.1 MB 11.0.00 All users
Adobe Shockwave Player 12.2 Adobe Systems, Inc. 8/30/2017 34.4 MB 12.2.9.199 All users
Alarms & Clock Microsoft Corporation 10/6/2017 10.1709.2621.0 All users
Amazon Amazon.com 8/29/2017 2016.829.2800.0 All users
Amazon Kindle Amazon 9/10/2017 1.20.1.47037 HP
App connector Microsoft Corporation 8/29/2017 1.3.3.0 All users
App Installer Microsoft Corporation 8/29/2017 1.0.10332.0 All users
Backup and Sync from Google Google, Inc. 9/7/2017 100 MB 3.36.6721.3394 All users
Bonjour Apple Inc. 8/23/2017 3.23 MB 3.0.0.10 All users
Calculator Microsoft Corporation 10/10/2017 10.1709.2703.0 All users
Camera Microsoft Corporation 9/19/2017 2017.727.40.0 All users
Candy Crush Soda Saga king.com 9/25/2017 1.98.500.0 All users
CCleaner Piriform 9/22/2017 20.5 MB 5.35 All users
CyberLink PhotoDirector CyberLink Corp. 8/30/2017 227 MB 5.0.6.7006 All users
CyberLink Power Media Player 14 CyberLink Corp. 9/22/2017 389 MB 14.0.2.5829 All users
CyberLink PowerDirector 12 CyberLink Corp. 9/22/2017 449 MB 12.0.5.4601 All users
CyberLink YouCam CyberLink Corp. 8/30/2017 527 MB 6.0.2.4627 All users
EndNote X8 Thomson Reuters 9/16/2017 215 MB 18.1.0.11010 All users
Energy Star Hewlett-Packard Company 8/23/2017 6.79 MB 1.0.9 All users
Evernote v. 5.8.13 Evernote Corp. 8/23/2017 207 MB 5.8.13.8152 All users
Family Tree Maker 2017 Software MacKiev 9/15/2017 620 MB 23.0.1343 All users
Feedback Hub Microsoft Corporation 8/29/2017 1.1705.2121.0 All users
Get Office Microsoft Corporation 8/29/2017 17.8414.5925.0 All users
Google Chrome Google Inc. 8/27/2017 352 MB 61.0.3163.100 All users
Groove Music Microsoft Corporation 10/10/2017 10.17083.18321.0 All users
Hearts Deluxe Random Salad Games LLC 8/29/2017 6.2.9.0 All users
HitmanPro 3.7 SurfRight B.V. 9/26/2017 11.1 MB 3.7.20.286 All users
HP 3D DriveGuard Hewlett-Packard Company 8/23/2017 4.00 MB 6.0.28.1 All users
HP CoolSense HP Inc. 12/21/2015 4.93 MB 2.21.2 All users
HP Customer Participation Program 14.0 HP 9/4/2017 14.0 All users
HP Documentation HP 8/28/2017 All users
HP ePrint SW HP 8/30/2017 64.9 MB 5.0.18701 All users
HP Imaging Device Functions 14.0 HP 9/4/2017 14.0 All users
HP Officejet J4500 Series 14.0 Rel. 6 HP 9/4/2017 14.0 All users
HP Registration Service Hewlett-Packard 8/23/2017 24.3 MB 1.2.8305.5282 All users
HP Solution Center 14.0 HP 9/4/2017 14.0 All users
HP Support Assistant Hewlett-Packard Company 8/23/2017 56.2 MB 8.5.37.19 All users
HP Support Solutions Framework Hewlett-Packard Company 8/23/2017 11.1 MB 12.8.37.11 All users
HP System Event Utility HP Inc. 10/14/2017 8.54 MB 1.4.11 All users
HP Update Hewlett-Packard 9/4/2017 8.08 MB 5.005.002.002 All users
HP Welcome HP Inc. 8/28/2017 1.0 All users
HP Wireless Button Driver HP 9/9/2017 2.68 MB 1.1.15.1 All users
Intel® Dynamic Platform and Thermal Framework Intel Corporation 9/1/2017 13.1 MB 8.1.10600.150 All users
Intel® Management Engine Components Intel Corporation 8/23/2017 11.0.0.1168 All users
Intel® Processor Graphics Intel Corporation 8/29/2017 21.20.16.4542 All users
Intel® Rapid Storage Technology Intel Corporation 8/23/2017 14.5.2.1088 All users
Intel® Serial IO Intel Corporation 8/23/2017 30.100.1519.7 All users
Intel® WiDi Intel Corporation 8/23/2017 93.8 MB 6.0.52.0 All users
Intel® Wireless Bluetooth® Intel Corporation 9/9/2017 20.3 MB 18.1.1605.3087 All users
Intel® PROSet/Wireless Software Intel Corporation 9/22/2017 222 MB 19.71.0 All users
Intel® Software Guard Extensions Platform Software Intel Corporation 9/1/2017 17.4 MB 1.0.26920.1393 All users
Java 8 Update 144 Oracle Corporation 10/2/2017 190 MB 8.0.1440.1 All users
Kaspersky Secure Connection Kaspersky Lab 9/7/2017 22.0 MB 18.0.0.405 All users
Kaspersky Total Security Kaspersky Lab 8/30/2017 95.5 MB 18.0.0.405 All users
KB4023057 Microsoft Corporation 8/25/2017 466 KB 2.3.0.0 All users
Mail and Calendar Microsoft Corporation 10/10/2017 17.8600.40525.0 All users
Maps Microsoft Corporation 8/29/2017 5.1706.2001.0 All users
Messaging Microsoft Corporation 8/29/2017 3.26.24002.0 All users
Microsoft Office 365 ProPlus - en-us Microsoft Corporation 10/13/2017 1.29 GB 16.0.8528.2137 All users
Microsoft OneDrive Microsoft Corporation 10/11/2017 100 MB 17.3.7064.1005 HP
Microsoft Small Basic v1.2 Microsoft Corporation 9/19/2017 20.2 MB 1.2.0.0 HP
Microsoft Solitaire Collection Microsoft Studios 9/29/2017 3.17.8162.0 All users
Microsoft Sticky Notes Microsoft Corporation 8/29/2017 1.8.0.0 All users
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8/23/2017 5.41 MB 8.0.59193 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 8/23/2017 1.10 MB 9.0.30729 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 8/23/2017 2.98 MB 9.0.30729.4148 All users
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 8/23/2017 2.93 MB 10.0.40219 All users
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 8/23/2017 2.56 MB 10.0.40219 All users
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 8/28/2017 20.5 MB 11.0.61030.0 All users
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 8/28/2017 17.3 MB 11.0.61030.0 All users
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 8/28/2017 20.5 MB 12.0.30501.0 All users
Microsoft Wi-Fi Microsoft Corporation 8/29/2017 1.1604.4.0 All users
Mixed Reality Viewer Microsoft Corporation 9/28/2017 2.1709.8012.0 All users
Money Microsoft Corporation 8/30/2017 4.21.2212.0 All users
Movies & TV Microsoft Corporation 9/28/2017 10.17082.14121.0 All users
Netflix Netflix, Inc. 10/12/2017 6.37.190.0 All users
News Microsoft Corporation 8/30/2017 4.21.2212.0 All users
NVIDIA GeForce Experience 2.4.5.57 NVIDIA Corporation 8/23/2017 24.5 MB 2.4.5.57 All users
NVIDIA Graphics Driver 376.82 NVIDIA Corporation 8/25/2017 680 MB 376.82 All users
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 8/23/2017 348 MB 9.15.0428 All users
OCR Software by I.R.I.S. 14.0 HP 9/4/2017 14.0 All users
OneNote Microsoft Corporation 10/10/2017 17.8568.57631.0 All users
Paid Wi-Fi & Cellular Microsoft Corporation 9/19/2017 2.1709.2484.0 All users
Paint 3D Microsoft Corporation 10/11/2017 3.1710.4027.0 All users
People Microsoft Corporation 8/29/2017 10.2.1451.0 All users
Phone Microsoft Corporation 8/29/2017 1.10.23004.0 All users
Phone Companion Microsoft Corporation 8/29/2017 10.1609.2561.0 All users
PhotoDirector CyberLink Corp. 8/23/2017 227 MB 5.0.6.7006 All users
Photos Microsoft Corporation 10/5/2017 2017.39081.15820.0 All users
PowerDirector CyberLink Corp. 8/23/2017 449 MB 12.0.5.4601 All users
Realtek Card Reader Realtek Semiconductor Corp. 9/1/2017 47.9 MB 10.0.370.94 All users
Realtek Ethernet Controller Driver Realtek 8/23/2017 29.7 MB 10.1.505.2015 All users
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 9/1/2017 36.5 MB 6.0.1.7730 All users
ResearchSoft Direct Export Helper Thomson Reuters 8/30/2017 766 KB All users
Revo Uninstaller Pro 3.1.9 VS Revo Group, Ltd. 8/30/2017 41.9 MB 3.1.9 All users
RogueKiller version 12.11.18.0 Adlice Software 10/6/2017 80.4 MB 12.11.18.0 All users
Shop for HP Supplies HP 9/4/2017 14.0 All users
Simple Solitaire Random Salad Games LLC 8/29/2017 6.4.11.0 All users
Skype Skype 8/29/2017 11.19.856.0 All users
Snapfish Snapfish 8/29/2017 6.0.588.0 All users
Sports Microsoft Corporation 8/30/2017 4.21.2212.0 All users
Store Microsoft Corporation 10/5/2017 11708.1001.30.0 All users
Store Experience Host Microsoft Corporation 8/29/2017 11707.1707.25006.0 All users
Sway Microsoft Corporation 8/29/2017 17.8471.45091.0 All users
Synaptics ClickPad Driver Synaptics Incorporated 9/29/2017 46.4 MB 19.3.31.31 All users
Synaptics WBF DDK Synaptics 8/23/2017 31.6 MB 4.5.327.0 All users
Tips Microsoft Corporation 8/29/2017 5.11.1641.0 All users
TripAdvisor Hotels Flights Restaurants TripAdvisor LLC 8/29/2017 1.5.10.0 All users
Twitter Twitter Inc. 8/29/2017 5.8.1.0 All users
VLC media player VideoLAN 9/5/2017 131 MB 2.2.6 All users
Voice Recorder Microsoft Corporation 10/10/2017 10.1709.2703.0 All users
Vulkan Run Time Libraries 1.0.26.0 LunarG, Inc. 8/28/2017 1.66 MB 1.0.26.0 All users
Wallet Microsoft Corporation 8/29/2017 1.0.16328.0 All users
Weather Microsoft Corporation 8/31/2017 4.21.2212.0 All users
Windows 10 Update and Privacy Settings Microsoft Corporation 8/25/2017 2.10 MB 1.0.14.0 All users
Xbox Microsoft Corporation 10/4/2017 33.33.15001.0 All users
Xbox Game bar Microsoft Corporation 9/14/2017 1.21.11001.0 All users
Xbox Game Speech Window Microsoft Corporation 8/29/2017 1.14.2002.0 All users
Xbox Identity Provider Microsoft Corporation 8/29/2017 11.29.23003.0 All users
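
The startup and scheduled-task lists posted above can be triaged mechanically before a manual review. The following is an added example, not part of the original posts and not CCleaner's own code: it assumes the flattened, space-separated export format shown in the thread, and the flag names and the fifth sample line are constructed for illustration.

```python
import ntpath
import re

# Lines 1-4 are copied from the startup list posted in the thread. Line 5 is a
# constructed entry (not from the thread) that exercises the console-host check.
SAMPLE_EXPORT = r'''
Yes HKCU:Run OneDrive Microsoft Corporation HP "C:\Users\HP\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run ShadowPlay Microsoft Corporation All users C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run DeliveryAndStatusCheck HP All users C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. All users C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Yes HKCU:Run ExampleHelper Example Corp HP C:\WINDOWS\system32\cmd.exe /c C:\Users\HP\AppData\Local\Temp\example.bat
'''

# The command line starts at the first drive-letter path or %VARIABLE%.
COMMAND_START = re.compile(r'"?(?:[A-Za-z]:\\|%\w+%)')
# An unquoted image path ends at the first executable extension.
IMAGE_END = re.compile(r'.*?\.(?:exe|com|bat|cmd|scr)\b', re.IGNORECASE)

# Hypothetical triage categories. A flag means "look closer", not "malicious".
CONSOLE_HOSTS = {"cmd.exe", "powershell.exe", "cscript.exe"}
PROXY_LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe"}
USER_WRITABLE = ("\\appdata\\", "%localappdata%", "%appdata%", "%temp%", "\\temp\\")


def parse_entry(line):
    """Split one export line into enabled state, location, image and command."""
    match = COMMAND_START.search(line)
    if not match:
        return None
    head = line[:match.start()].split()
    if len(head) < 2 or head[0] not in ("Yes", "No"):
        return None
    # "Startup Common" / "Startup User" are two-word locations; the rest are one.
    location = " ".join(head[1:3]) if head[1] == "Startup" else head[1]
    command = line[match.start():].strip()
    if command.startswith('"'):
        image = command[1:].split('"', 1)[0]
    else:
        found = IMAGE_END.match(command)
        image = found.group(0) if found else command.split()[0]
    return {"enabled": head[0] == "Yes", "location": location,
            "image": image, "command": command}


def flag_entry(entry):
    """Return review hints for one parsed entry."""
    flags = []
    exe = ntpath.basename(entry["image"]).lower()
    if exe in CONSOLE_HOSTS:
        flags.append("console-host")        # would open a console window at logon
    if exe in PROXY_LAUNCHERS:
        flags.append("proxy-launcher")      # the real payload is in the arguments
    lowered = entry["command"].lower()
    if any(marker in lowered for marker in USER_WRITABLE):
        flags.append("user-writable-path")  # writable without admin rights
    return flags


def triage(export_text):
    """Parse every recognisable line of the export and attach its flags."""
    results = []
    for line in export_text.splitlines():
        entry = parse_entry(line.strip())
        if entry:
            entry["flags"] = flag_entry(entry)
            results.append(entry)
    return results


if __name__ == "__main__":
    for item in triage(SAMPLE_EXPORT):
        state = "on " if item["enabled"] else "off"
        name = ntpath.basename(item["image"])
        hints = ", ".join(item["flags"]) or "-"
        print(f"{state} {item['location']:<15} {name:<40} {hints}")
```

A flag only marks an entry for a closer look: the OneDrive and ShadowPlay lines from the thread are flagged even though per-user installs and `rundll32.exe` launchers are common in vendor software.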
 

 



#4 buddy215


Posted 14 October 2017 - 01:58 PM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd HP "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated All users "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run DeliveryAndStatusCheck HP All users C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs
Yes HKLM:Run HP Software Update Hewlett-Packard All users C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run HPMessageService HP Inc. All users C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
Yes HKLM:Run ShadowPlay Microsoft Corporation All users C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation All users "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
Suggest Disabling these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated All users C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd HP "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineUA Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForHP Hewlett-Packard HP C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForHP (null)
Yes Task IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec Intel Corporation All users "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic
Yes Task IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon Intel Corporation All users "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic
Yes Task IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 All users C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic
Yes Task OneDrive Standalone Update Task-S-1-5-21-2509234735-659917185-2427906915-1001 Microsoft Corporation HP %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
 
Uninstall these programs: (Use your Revo Uninstaller)
Candy Crush Soda Saga king.com 9/25/2017 1.98.500.0 All users
HP Customer Participation Program 14.0 HP 9/4/2017 14.0 All users
Java 8 Update 144 Oracle Corporation 10/2/2017 190 MB 8.0.1440.1 All users (Keep it if you use it....most users don't need it)
RogueKiller version 12.11.18.0 Adlice Software 10/6/2017 80.4 MB 12.11.18.0 All users
 
Once you've completed the above...run these scans:
 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
 
 


#5 shley


Posted 14 October 2017 - 03:19 PM

Configured as per your specs, including uninstalls.

Malwarebytes summary below (I'll post the Adw Cleaner & JRT in next post).
 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/14/17
Scan Time: 4:12 PM
Log File: 0d21af48-b11c-11e7-bb3c-1002b58880c8.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3012
License: Expired
 
-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: LAPTOP-TLNKIGA9\HP
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370142
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 5 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#6 shley


Posted 14 October 2017 - 03:24 PM

AdwCleaner:
 

# AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 14 20:23:05 2017
# Updated on 2017/29/09 by Malwarebytes 
# Database: 10-13-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [944 B] - [2017/8/30 16:4:36]
C:/AdwCleaner/AdwCleaner[S1].txt - [1010 B] - [2017/9/8 2:58:45]
C:/AdwCleaner/AdwCleaner[S2].txt - [1076 B] - [2017/9/15 21:55:38]
C:/AdwCleaner/AdwCleaner[S3].txt - [1144 B] - [2017/10/2 7:33:10]
C:/AdwCleaner/AdwCleaner[S4].txt - [1211 B] - [2017/10/6 21:9:27]
C:/AdwCleaner/AdwCleaner[S5].txt - [1278 B] - [2017/10/14 7:2:34]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt ##########


#7 shley


Posted 14 October 2017 - 03:27 PM

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64 
Ran by HP (Administrator) on Sat 10/14/2017 at 16:24:47.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/14/2017 at 16:26:43.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 shley


Posted 14 October 2017 - 03:30 PM

When I restarted system after re-configuring and uninstalling, those start up DOS windows no longer flash up, which is a good sign.  I am thinking they were related to the HP Customer Experience program because when I uninstalled it, I saw them flash up for a second as the uninstaller ran.

 

Thank you.

 

Is there anything else I should check? 



#9 buddy215


Posted 14 October 2017 - 04:04 PM

I think you are good to go...happy surfin'

 

You're welcome..





