Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something pops up from time to time


  • Please log in to reply
15 replies to this topic

#1 JonasFH

JonasFH

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 05 January 2018 - 07:08 AM

Hi all,

 

I've the last few weeks experienced that my computer opens something that looks like the top of a browser or folder window. It opens up for somewhere between 30 seconds and max 2 minuts and then it's gone again. I haven't experienced other unusual things, other than my computer being a bit slow and having problems starting up last week, but I don't think it's related. Other than that, I can't always see my Avira in my Toolbar, but when I open my Tast Manager I can still see the processes running.

 

I'm running Windows 10 and my Avira hasn't found any virus or anything. Do you think it's some kind of malware or do you have another explanation?

Thanks in advance and please say if you need more information or clarification of anything!

 

Kind regards,
Jonas

 

xNWI2vt.jpg



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:30 PM

Posted 05 January 2018 - 07:36 AM

Welcome to BC....

 

Use the programs below to clean, remove malware and remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends of your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 JonasFH

JonasFH
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 07 January 2018 - 04:13 PM

Thanks a lot for your reply!

I'm doing the scans right now and here's the log from Malwarebytes. Do I need to send the logs from Adwcleaner or ESET?
 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/7/18
Scan Time: 9:44 PM
Log File: 7def385a-f3eb-11e7-a439-001f1636261b.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3645
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: DESKTOP-NSNLGTJ\Jonas Fredslund
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322733
Threats Detected: 8
Threats Quarantined: 8
Time Elapsed: 16 min, 40 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.DriverAgentPlus, HKU\S-1-5-21-1924025272-2746251322-278256213-1001\SOFTWARE\ESUPPORT.COM\DriverAgent, Quarantined, [2141], [262210],1.0.3645
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 1
PUP.Optional.DriverAgentPlus, C:\USERS\JONAS FREDSLUND\APPDATA\ROAMING\DRIVERAGENTPLUS, Quarantined, [2141], [182329],1.0.3645
 
File: 6
PUP.Optional.DriverAgentPlus, C:\Users\Jonas Fredslund\AppData\Roaming\DriverAgentPlus\DriverAgentPlus.downloads, Quarantined, [2141], [182329],1.0.3645
PUP.Optional.DriverAgentPlus, C:\Users\Jonas Fredslund\AppData\Roaming\DriverAgentPlus\DriverAgentPlus.history, Quarantined, [2141], [182329],1.0.3645
PUP.Optional.DriverAgentPlus, C:\Users\Jonas Fredslund\AppData\Roaming\DriverAgentPlus\DriverAgentPlus.settings, Quarantined, [2141], [182329],1.0.3645
PUP.Optional.DriverAgentPlus, C:\Users\Jonas Fredslund\AppData\Roaming\DriverAgentPlus\scandata.bin, Quarantined, [2141], [182329],1.0.3645
PUP.Optional.DriverAgentPlus, C:\Users\Jonas Fredslund\AppData\Roaming\DriverAgentPlus\sysinfo.bin, Quarantined, [2141], [182329],1.0.3645
PUP.Optional.DriverAgent, C:\USERS\JONAS FREDSLUND\DOWNLOADS\DRVAGENTRSPLUS-3002070796.EXE, Quarantined, [2183], [345593],1.0.3645
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#4 JonasFH

JonasFH
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 07 January 2018 - 04:24 PM

# AdwCleaner 7.0.6.0 - Logfile created on Sun Jan 07 21:19:34 2018
# Updated on 2017/21/12 by Malwarebytes 
# Running on Windows 10 Enterprise (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\AVG Security Toolbar
Deleted: C:\ProgramData\Application Data\AVG Security Toolbar
Deleted: C:\Users\All Users\AVG Security Toolbar
 
 
***** [ Files ] *****
 
Deleted: C:\END
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1186 B] - [2018/1/7 21:18:4]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#5 buddy215

buddy215

  • Moderator
  • 13,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:30 PM

Posted 07 January 2018 - 04:58 PM

AVG is mentioned...its adware....did you uninstall it now that you have Avira?

 

After posting the results of Eset Scan....do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 JonasFH

JonasFH
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 08 January 2018 - 07:20 AM

In ESET I didn't place a checkmark in the 'Enable detection of suspicious applications', hope that was how it was supposed that way? But here goes:

​C:\Users\Jonas Fredslund\Downloads\ccsetup537.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting

C:\Users\Jonas Fredslund\Downloads\free-youtube-to-mp3-converter.exe a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting
C:\Users\Jonas Fredslund\Downloads\Windows 10 Activators\KMSpico.10.0.102040 Beta\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application cleaned by deleting
C:\Users\Jonas Fredslund\Downloads\Windows 10 Activators\Microsoft Toolkit 2.5.3\Microsoft Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application cleaned by deleting
C:\Windows\AutoKMS\AutoKMS.exe a variant of MSIL/HackKMS.H potentially unsafe application cleaned by deleting


#7 JonasFH

JonasFH
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 08 January 2018 - 07:31 AM

Windows startups:
 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run GalaxyClient GOG.com C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
No HKCU:Run OneDrive Microsoft Corporation "C:\Users\Jonas Fredslund\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
No HKCU:Run Spotify Spotify Ltd C:\Users\Jonas Fredslund\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
No HKCU:Run Spotify Web Helper Spotify Ltd C:\Users\Jonas Fredslund\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
Yes HKLM:Run Avira System Speedup User Starter Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
Yes HKLM:Run Avira SystrayStartTrigger Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
No HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
 
Scheduled Tasks:
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe -check pepperplugin
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Avira_Antivirus_Systray Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
Yes Task AviraSystemSpeedupUpdate Avira Operations GmbH & Co. KG                              C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task OneDrive Standalone Update Task-S-1-5-21-1924025272-2746251322-278256213-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes Task {95620547-F783-4B15-8791-6D9F66ADB616} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\NeverwinterNights\NWN\nwn.exe -d C:\NeverwinterNights\NWN
 
List of programs installed:
3D Builder Microsoft Corporation 12-12-2017 15.1.3342.0
7-Zip 16.02 (x64) Igor Pavlov 12-12-2017 4,75 MB 16.02
ABN AMRO E.dentifier2 Software ABN AMRO BANK 31-08-2016 7,68 MB 03.10
Adobe Acrobat Reader DC - Dansk Adobe Systems Incorporated 30-11-2017 411 MB 18.009.20050
Adobe Flash Player 28 NPAPI Adobe Systems Incorporated 12-12-2017 9,05 MB 28.0.0.126
Adobe Flash Player 28 PPAPI Adobe Systems Incorporated 12-12-2017 8,41 MB 28.0.0.126
Alarmer og ur Microsoft Corporation 15-12-2017 10.1712.3352.0
Appforbindelse Microsoft Corporation 17-09-2016 1.3.3.0
Appinstallation Microsoft Corporation 14-11-2017 1.0.12894.0
Apple Mobile Device Support Apple Inc. 28-12-2017 20,5 MB 11.0.2.4
Apple Software Update Apple Inc. 28-09-2017 7,31 MB 2.4.8.1
Apple-programunderstøttelse (32 bit) Apple Inc. 28-12-2017 132 MB 6.2.1
Apple-programunderstøttelse (64 bit) Apple Inc. 28-12-2017 148 MB 6.2.1
Avira Avira Operations GmbH & Co. KG 07-01-2018 14,8 MB 1.2.103.26908
Avira Antivirus Avira Operations GmbH & Co. KG 04-01-2018 631 MB 15.0.34.17
Avira System Speedup Avira Operations GmbH & Co. KG 11-12-2017 43,5 MB 4.4.0.6828
Battle.net Blizzard Entertainment 12-12-2017 726 MB
Battlefield 1942™ Electronic Arts 12-12-2017 1,21 GB 1.6.20.0
Beskeder Microsoft Corporation 29-11-2017 3.34.25004.0
Billeder Microsoft Corporation 14-12-2017 2017.39101.16720.0
BitRaider Streaming Client BitRaider, LLC 12-12-2017 8,05 MB 1.3.3.4098
Bonjour Apple Inc. 13-01-2016 3,28 MB 3.1.0.1
CCleaner Piriform 12-12-2017 22,3 MB 5.37
Child of Light Ubisoft 12-12-2017
Citavi 5 Swiss Academic Software 10-03-2017 462 MB 5.5.0.1
Conexant 20585 SmartAudio HD Conexant 12-12-2017 4.95.49.53
Dropbox Dropbox, Inc. 12-12-2017 199 MB 40.4.46
Feedback Hub Microsoft Corporation 19-10-2017 1.1708.2831.0
Film og TV Microsoft Corporation 23-12-2017 10.17112.13411.0
Finans Microsoft Corporation 07-09-2017 4.21.2212.0
Free YouTube To MP3 Converter Digital Wave Ltd 20-02-2017 82,4 MB 4.1.36.208
Få hjælp Microsoft Corporation 12-12-2017 10.1706.1981.0
GOG Galaxy GOG.com 25-10-2017 2,56 MB
GOG.com Heroes of Might and Magic 3 12-12-2017
Google Chrome Google Inc. 30-11-2015 353 MB 63.0.3239.84
Groove Musik Microsoft Corporation 14-12-2017 10.17086.24711.0
Hearthstone Blizzard Entertainment 12-12-2017 5,20 GB
Hero Editor V0.96 12-12-2017
Heroes of Might and Magic 3 Complete (4.0) GOG.com 26-11-2017 3,99 MB 0.1.1.310
Hindenburg Journalist Hindenburg Systems ApS 13-02-2017 6,33 MB 1.65.2132
HP Smart HP Inc. 15-12-2017 80.1.346.0
HP Support Assistant HP Inc. 08-09-2016 26,5 MB 8.3.34.7
HP Support Solutions Framework HP Inc. 08-09-2016 14,7 MB 12.5.32.37
iTunes Apple Inc. 28-12-2017 389 MB 12.7.2.60
Jotun GOG.com 07-09-2017 3,99 MB 20170727
Kamera Microsoft Corporation 28-10-2017 2017.921.10.0
Kort Microsoft Corporation 18-10-2017 5.1708.2764.0
Lenovo Power Management Driver Lenovo 12-12-2017 10,2 MB 1.67.10.20
Lommeregner Microsoft Corporation 15-12-2017 10.1712.3351.0
Mail og Kalender Microsoft Corporation 04-01-2018 17.8730.21725.0
MakeMKV v1.10.4 GuinpinSoft inc 12-12-2017 v1.10.4
Malwarebytes version 3.3.1.2183 Malwarebytes 07-01-2018 186 MB 3.3.1.2183
Microsoft .NET Framework 1.1 Microsoft 12-08-2016 6,18 MB 1.1.4322
Microsoft Office 365 - da-dk Microsoft Corporation 15-12-2017 955 MB 16.0.8730.2127
Microsoft Office 365 ProPlus - da-dk Microsoft Corporation 15-12-2017 955 MB 16.0.8730.2127
Microsoft OneDrive Microsoft Corporation 12-12-2017 100 MB 17.3.7131.1115
Microsoft Silverlight Microsoft Corporation 23-07-2017 101 MB 5.1.50907.0
Microsoft Solitaire Collection Microsoft Studios 16-12-2017 3.18.12091.0
Microsoft Sticky Notes Microsoft Corporation 14-12-2017 2.0.5.0
Microsoft Store Microsoft Corporation 06-12-2017 11711.1001.5.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23-07-2017 4,93 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 25-10-2017 7,69 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 11-12-2015 1,10 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 11-12-2015 2,50 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 23-07-2017 18,3 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 23-07-2017 16,6 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 12-12-2017 20,5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 12-12-2017 17,1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 Microsoft Corporation 12-12-2017 23,5 MB 14.0.24212.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation 12-12-2017 19,5 MB 14.0.24215.1
Might and Magic 6 - The Mandate of Heaven GOG.com 02-05-2017 526 MB 2.1.0.42
Might and Magic 7: For Blood and Honor GOG.com 02-05-2017 3,99 MB 1.1_(hotfix)
Mit Office Microsoft Corporation 15-12-2017 17.8830.7600.0
Mixed Reality-viser Microsoft Corporation 05-01-2018 2.1801.4012.0
Mobildatabonnementer Microsoft Corporation 12-12-2017 3.1710.3044.0
Mozilla Firefox 57.0 (x64 da) Mozilla 12-12-2017 142 MB 57.0
Mozilla Maintenance Service Mozilla 12-12-2017 231 KB 57.0.0.6525
Neverwinter Nights 12-12-2017
NVIDIA HD Audio Driver 1.3.30.1 NVIDIA Corporation 12-12-2017 1.3.30.1
NVIDIA PhysX NVIDIA Corporation 22-06-2017 119 MB 9.12.0213
Nyheder Microsoft Corporation 16-12-2017 4.22.3254.0
OneNote Microsoft Corporation 30-12-2017 17.8827.20991.0
OpenOffice 4.1.2 Apache Software Foundation 11-12-2015 310 MB 4.12.9782
Origin Electronic Arts, Inc. 12-12-2017 327 MB 9.10.2.4863
Paint 3D Microsoft Corporation 14-12-2017 3.1712.7027.0
PDF Maker DLL 12-12-2017
PDFill PDF Editor with FREE Writer and FREE Tools PlotSoft LLC 07-11-2016 37,3 MB 13.0
Personer Microsoft Corporation 23-12-2017 10.3.3472.0
PrimoPDF -- brought to you by Nitro PDF Software Nitro PDF Software 12-12-2017 5
Print 3D Microsoft Corporation 12-12-2017 1.0.2572.0
Skype Skype 03-01-2018 12.13.257.0
Skype™ 7.38 Skype Technologies S.A. 20-07-2017 174 MB 7.38.101
Sport Microsoft Corporation 16-12-2017 4.22.3254.0
Spotify Spotify AB 28-10-2017 1.0.66.478.g1296534d
Stemmeoptager Microsoft Corporation 14-12-2017 10.1712.3351.0
Synaptics Pointing Device Driver Synaptics Incorporated 12-12-2017 46,4 MB 19.0.17.115
Telefonguide Microsoft Corporation 29-09-2016 10.1609.2561.0
The Witcher Enhanced Edition Director's Cut GOG.com 25-10-2017 2,71 MB 2.1.0.15
Tips Microsoft Corporation 12-12-2017 6.5.2851.0
Uplay Ubisoft 12-12-2017 3,02 GB 44.0
Vejr Microsoft Corporation 16-12-2017 4.22.3254.0
Visual Studio 2012 x64 Redistributables AVG Technologies 30-11-2015 13,0 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 30-11-2015 40,0 KB 14.0.0.1
VLC for Windows Store VideoLAN 17-09-2016 1.7.0.0
VLC media player VideoLAN 12-12-2017 121 MB 2.2.4
VoiceWalker 12-12-2017
Vært til Store-oplevelse Microsoft Corporation 05-01-2018 11712.1712.12003.0
Wallet Microsoft Corporation 20-07-2017 1.0.16328.0
Xbox Microsoft Corporation 15-12-2017 36.36.12003.0
Xbox Game bar Microsoft Corporation 14-12-2017 1.24.5001.0
Xbox Game Speech Window Microsoft Corporation 16-12-2017 1.21.13002.0
Xbox Identity Provider Microsoft Corporation 12-12-2017 12.30.5001.0
Xbox Live Microsoft Corporation 15-12-2017 1.11.29001.0
Xerox Print Experience Xerox Corp 17-05-2017 6.242.10.0


#8 JonasFH

JonasFH
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 08 January 2018 - 07:34 AM

Regarding AVG: Actually I can't remember if I had AVG before Avira. I usually uninstall programs when I don't use them anymore, but I simply can't remember if I installed it or if I uninstalled it, if I changed from that to Avira.



#9 buddy215

buddy215

  • Moderator
  • 13,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:30 PM

Posted 08 January 2018 - 08:57 AM

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKLM:Run Avira System Speedup User Starter Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task AviraSystemSpeedupUpdate Avira Operations GmbH & Co. KG                              C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task OneDrive Standalone Update Task-S-1-5-21-1924025272-2746251322-278256213-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes Task {95620547-F783-4B15-8791-6D9F66ADB616} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\NeverwinterNights\NWN\nwn.exe -d C:\NeverwinterNights\NWN
 
Uninstall these programs: Suggest using Download Revo Uninstaller Freeware in Advanced Mode.
Avira System Speedup Avira Operations GmbH & Co. KG 11-12-2017 43,5 MB 4.4.0.6828
 
Update Mozilla Firefox 57.0 (x64 da) Mozilla 12-12-2017 142 MB 57.0
 
After completing the above and rebooting the computer....please tell me of any problems or errors.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 JonasFH

JonasFH
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 08 January 2018 - 09:49 AM

Okay, now I did everything you advised me to do. I didn't experience any problems or errors when restarting my computer, but I'm not sure it that thing that kept popping up is gone. ESET and Malwarebytes did remove some threats, so time will tell I guess.

 

Is there anything else I should do? And if not, I just want to thank you a lot, it was really nice that you replied so fast all the time! I'm sure that removing the found threats and disabling all those tasks will improve my computers performance and hopefully the thing will stop popping up all the time.

 

Thanks a lot again and have a nice day!

 

Kind regards,
Jonas



#11 buddy215

buddy215

  • Moderator
  • 13,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:30 PM

Posted 08 January 2018 - 10:06 AM

You're welcome...if the problem pops up again...post back.

 

Happy surfin'...


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 JonasFH

JonasFH
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 10 January 2018 - 07:31 AM

Okay, so the thing just popped up again. I can see that the picture I posted in my first post is gone, so here it's again. Do you have any other advises on what to do or if it's something that I should be worried about?8WdeSrL.jpg



#13 JonasFH

JonasFH
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 10 January 2018 - 07:38 AM

By clicking and holding the thing I could drag it around. By accident I then double-clicked it and it opened the white box in the ledt corner of my screen. When I pushed that, It opened the Windows message-box that you see.NGjCcrw.jpg



#14 buddy215

buddy215

  • Moderator
  • 13,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:30 PM

Posted 10 January 2018 - 08:38 AM

FROM THE WEBSITE  What is Avira In Product Messaging (IPM)?

 

What is Avira In Product Messaging (IPM)?

Info.png
Avira In Product Messaging (IPM) is a "slide-up" message window, which is designed to inform customers about various current Avira offers and products.

Why does IPMgui.exe establish an internet connection?

After each start of the computer the IPMgui.exe connects itself to the Internet to perform an information update of the current Avira database. The updates will be executed regularly during the day, but not at a fixed schedule.

grey-stripe-kb.jpg
Note
IPM slide-up messages are triggered only with the Free Antivirus version and cannot be disabled. The IPM slide-up message disappear only after an upgrade to the Pro version.

 

EDIT: highlighted "cannot be disabled"


Edited by buddy215, 10 January 2018 - 08:54 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 JonasFH

JonasFH
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 10 January 2018 - 09:06 AM

Oh okay, no wonder that all the scans and quarantines didn't remove it then. That also answers my initial question, that it wasn't anything malicious. But Malwarebytes and ESET still found some threats, so still I good thing that I wrote a post here.

 

Thanks again!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users