Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Two Crss.exe's running?
#1
Information 
I run an asus computer (not sure what kind exactly) I think it is running windows 8 or 8.1 (one of them two). It only has one user on which is my main user. I noticed when I open task manager and go through a few things (I usually like to check whats running) I see two crss.exe's. They both appear to be by the same company but when I google it, they usually say its a virus which your anti-virus software cannot pick up (I use Mccafee BT Net Protect Plus). But i'm not sure as they have pretty much the same details. Same username, same description. (I'll attach the details of both below)

So is it a virus? Also can anyone recommend a good anti-virus software and/or tell me if my anti-virus is good? Thank you in advance.

Details:
Name: crss.exe
PID: 608
Status: running
Username: SYSTEM
CPU: 0
Memory: 1,076K
Description: Client server runtime process

Name: crss.exe
PID: 5948
Status: running
CPU: 0
Memory: 1,060K
Description: Client server runtime process
Reply

#2
[Image: malwarebytes-icon.png] Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
Reply

#3
(10-06-2015, 03:35 PM)Compton Wrote:  [Image: malwarebytes-icon.png] Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.


Thanks for your help. I was shocked at the amount of results but I'm not sure if I should remove them or not.

Here are the results...
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 06/10/2015
Scan Time: 20:59
Logfile: file.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.06.05
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Asus

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360781
Time Elapsed: 34 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.GetNow, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, , [b9049ab9b9d23bfb267fd421877b51af],
PUP.Optional.GetNow, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, , [b9049ab9b9d23bfb267fd421877b51af],
PUP.Optional.GetNow, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, , [b9049ab9b9d23bfb267fd421877b51af],
PUP.Optional.GetNow, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, , [b9049ab9b9d23bfb267fd421877b51af],
PUP.Optional.GetNow, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, , [b9049ab9b9d23bfb267fd421877b51af],
PUP.Optional.GetNow, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, , [b9049ab9b9d23bfb267fd421877b51af],
PUP.Optional.MyStart, HKLM\SOFTWARE\WOW6432NODE\mystarttb, , [477654ffa7e49d9921134a741fe52ed2],
PUP.Optional.GetNowUpdater, HKU\S-1-5-21-3153954475-3655212625-4016578082-1001\SOFTWARE\GetNowUpdater, , [f6c72b286a212214b442d9d4ae5654ac],
PUP.Optional.Squeaky, HKU\S-1-5-21-3153954475-3655212625-4016578082-1001\SOFTWARE\Squeaky, , [b50867ecaedd2d09664f6a64e420d729],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 30
PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy, , [9924173c4744cd69575a7e8d9b68946c],
PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\40755940CFE44C6FAA64627D76647B1B, , [9924173c4744cd69575a7e8d9b68946c],
PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Roaming\OpenCandy\40F82C65363B499EB91E35D950B2EAF2, , [9924173c4744cd69575a7e8d9b68946c],
PUP.Optional.BrowserHelper, C:\Users\Asus\AppData\Local\Temp\bhfiles, , [4b7294bfed9e9c9a8ffd46d240c3ee12],
PUP.Optional.BrowserHelper, C:\Users\Asus\AppData\Local\Temp\bhfiles\x86, , [4b7294bfed9e9c9a8ffd46d240c3ee12],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\html_res, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\accessible, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\audio, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\bearer, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\designer, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\iconengines, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\mediaservice, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\platforms, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\playlistformats, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\position, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\printsupport, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\qml1tooling, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\qmltooling, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sensorgestures, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sensors, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sqldrivers, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Local\GetnowUninstall, , [ceefc3903f4ce74f4c57d354f60d15eb],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Local\GetNowUpdater, , [6558cc87107ba78fdacaee39ba4913ed],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Local\GetNowUpdater\inst, , [6558cc87107ba78fdacaee39ba4913ed],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Local\GetNowUpdater\inst\Bootstrapper, , [6558cc87107ba78fdacaee39ba4913ed],
PUP.Optional.IHlpr, C:\Users\Asus\AppData\Roaming\IHlpr\40755940CFE44C6FAA64627D76647B1B, , [c3fa1b38f6952a0c81529d8cab58da26],
PUP.Optional.IHlpr, C:\Users\Asus\AppData\Roaming\IHlpr\40F82C65363B499EB91E35D950B2EAF2, , [6e4f4d064e3d0f272aa97bae937007f9],

Files: 53
PUP.Optional.Yappyz, C:\Users\Asus\AppData\Roaming\Angry_Birds\Angry_Birds.exe, , [68557ed58b0088ae20d77a49a160a55b],
PUP.Optional.MindSpark, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_premierdownloadmanager.dl.tb.ask.com_0.localstorage, , [b20b8dc65f2c55e15fe39524ab59be42],
PUP.Optional.MindSpark, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_premierdownloadmanager.dl.tb.ask.com_0.localstorage-journal, , [06b7a5ae76158babf34fdddce420c040],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\html_res\store.html, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\html_res\style.css, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\html_res\updater.html, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\accessible\qtaccessiblequick​.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\accessible\qtaccessiblewidge​ts.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\audio\qtaudio_windows.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\bearer\qgenericbearer.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\bearer\qnativewifibearer.dll​, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\designer\qaxwidget.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\designer\qdeclarativeview.dl​l, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\designer\qquickwidget.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\designer\qwebview.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\iconengines\qsvgicon.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qdds.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qgif.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qicns.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qico.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qjp2.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qjpeg.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qmng.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qsvg.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qtga.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qtiff.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qwbmp.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\imageformats\qwebp.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\mediaservice\dsengine.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\mediaservice\qtmedia_audioen​gine.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\mediaservice\wmfengine.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\platforms\qminimal.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\platforms\qoffscreen.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\platforms\qwindows.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\playlistformats\qtmultimedia​_m3u.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\position\qtposition_position​poll.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\printsupport\windowsprinters​upport.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\qml1tooling\qmldbg_inspector​.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\qml1tooling\qmldbg_tcp_qtdec​larative.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\qmltooling\qmldbg_qtquick2.d​ll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\qmltooling\qmldbg_tcp.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sensorgestures\qtsensorgestu​res_plugin.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sensorgestures\qtsensorgestu​res_shakeplugin.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sensors\qtsensors_dummy.dll,​ , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sensors\qtsensors_generic.dl​l, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sqldrivers\qsqlite.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sqldrivers\qsqlmysql.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sqldrivers\qsqlodbc.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Roaming\GetnowUpdater\plugins\sqldrivers\qsqlpsql.dll, , [b805d47f2f5c2f07742e6cbb00032fd1],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Local\GetNowUpdater\autoupdateAppInfo.txt, , [6558cc87107ba78fdacaee39ba4913ed],
PUP.Optional.GetNowUpdater, C:\Users\Asus\AppData\Local\GetNowUpdater\inst\Bootstrapper\GetNowUpdaterUninsta​ll.exe, , [6558cc87107ba78fdacaee39ba4913ed],
PUP.Optional.IHlpr, C:\Users\Asus\AppData\Roaming\IHlpr\40755940CFE44C6FAA64627D76647B1B\qms.exe, , [c3fa1b38f6952a0c81529d8cab58da26],
PUP.Optional.IHlpr, C:\Users\Asus\AppData\Roaming\IHlpr\40F82C65363B499EB91E35D950B2EAF2\TuneUpUtili​ties_UK_Exp2.exe, , [6e4f4d064e3d0f272aa97bae937007f9],

Physical Sectors: 0
(No malicious items detected)


(end)
Reply

#4
yes remove all of them


[Image: adwcleaner_new.png] Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on [Image: adwcleaner_new.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

[Image: JRTbythisisu.png] Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on [Image: JRTbythisisu.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply
Reply

#5
(10-06-2015, 08:56 PM)Compton Wrote:  yes remove all of them


[Image: adwcleaner_new.png] Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.



  • Right-click on [Image: adwcleaner_new.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

[Image: JRTbythisisu.png] Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on [Image: JRTbythisisu.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply

I couldn't download JRT but I did download Adwcleaner heres the log.....

# AdwCleaner v5.013 - Logfile created 11/10/2015 at 15:50:34
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Asus - ARIA
# Running from : C:\Users\Asus\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\EmailNotifier
[-] Folder Deleted : C:\Users\Asus\AppData\Local\Temp\GetNowUpdater
[-] Folder Deleted : C:\Users\Asus\AppData\Roaming\IHlpr
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect

***** [ Files ] *****

[-] File Deleted : C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
[-] File Deleted : C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Appscion
[-] Key Deleted : HKLM\SOFTWARE\Email Notifier
[!] Key Not Deleted : [x64] HKCU\Software\Appscion

***** [ Web browsers ] *****

[-] [C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1577 bytes] ##########
Reply

#6
ok try downloading Junkware Removal Tool its working on my end




[Image: hitmanpro.png]HitmanPro



  • Please download HitmanPro.
  • Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!


    [Image: FRST.png] Scan with Farbar Recovery Scan Tool


    Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
    • Right-click on [Image: FRST.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

    Please copy and paste their content into your next reply.
Reply

#7
I Have restore this Thread because I see no reason for deleting it

I have given you a warning Deleting post or Thread:
Reply

#8
it's same thing on my computer too, i think it's normal
   
Reply

#9
Mine too
   
WannaBeGeek
Reply

#10
Yep tis normal as they run different background services. You tend to see it more often on 64bit systems.
Reply



Forum Jump:


Users browsing this thread:
1 Guest(s)

Powered By MyBB, © 2002-2024 Melroy van den Berg.