Jump to content

C:\ProgramData\boost_Interprocess


Recommended Posts

I am posting here at the suggestion of Malwarebytes expert John L. Galt who referred me here from another forum group.

 

My problem is that Every time I run adwcleaner it shows that C:\ProgramData\boost_Interprocess needs to be "cleaned" however when I next run an adwcleaner scan it shows up again. Is C:\ProgramData\boost_Interprocess something that I should remove permanently from my laptop?

 

A short time ago I ran adwcleaner and got the following report:and once again C:|ProgramData\boost_Interprocess had appeared and the report shows it has been removed but if I run the adwcleaner again it will rear its ugly head once again.

 

# AdwCleaner v3.017 - Report created 26/01/2014 at 02:00:21

# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lewis - LEWIS-PC
# Running from : C:\Users\Lewis\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v33.0.1750.46
 
[ File : C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
Mr. Galt asked me:  "Are you perchance using http://www.cloudfogger.com/en/ to encrypt items going into cloud-based apps like SkyDrive, DropBox, or Google Drive?  If so, then that is what created that folder.  And if you are not, are you using *ANY* app that provides this (or similar) functionality?  
 
I do not know what "Cloud Fogger" is but to my knowledge I am not using it or any similar functionality.  Is there a way on can confirm this?
 
How may I purge the C:\ProgramData\_Interprocess program?
 
Thank you for your assistance.

 

 

 

 

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

P2P/Piracy Warning:

    
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 

Kevin......

Link to post
Share on other sites

When I cut and paste the FRST.TXt and attach Addition.txt and then attempt to send it as a reply I get a message that says:

 

Your post was too long. Please go back and shorten it a little.

 

I do not know what would be appropriate to delete from the report or how much to delete to reply with.

 

May I send both reports as attachments?

 

What do you advise I do?

 

Thank you.

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log,,

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


 

 

Let me see those logs....

 

fixlist.txt

Link to post
Share on other sites

 

 


Ran by Lewis at 2014-01-26 15:32:24 Run:2

Running from C:\Users\Lewis\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

C:\ProgramData\boost_interprocess

C:\Users\Lewis\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Lewis\AppData\Local\Temp\Quarantine.exe

Task: {567B2931-6928-4AAA-BB37-314CF9D14C71} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION

Task: {D7770647-5635-4277-8B2E-81AE11F5408D} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End

*****************

 

"C:\ProgramData\boost_interprocess" => File/Directory not found.

"C:\Users\Lewis\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.

"C:\Users\Lewis\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{567B2931-6928-4AAA-BB37-314CF9D14C71} => Key not found.

C:\Windows\System32\Tasks\ProgramRefresh-ATFST not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST => Key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7770647-5635-4277-8B2E-81AE11F5408D} => Key not found.

C:\Windows\System32\Tasks\ProgramUpdateCheck not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck => Key not found.

"C:\ProgramData\Temp" => ":5C321E34" ADS not found.

 

==== End of Fixlog ====

 


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.26.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Lewis :: LEWIS-PC [administrator]

 

Protection: Enabled

 

1/26/2014 3:37:13 PM

mbam-log-2014-01-26 (15-37-13).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210269

Time elapsed: 1 minute(s), 40 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 


# AdwCleaner v3.017 - Report created 26/01/2014 at 15:39:44

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Lewis - LEWIS-PC

# Running from : C:\Users\Lewis\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v33.0.1750.46

 

[ File : C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [810 octets] - [14/01/2014 08:25:06]

AdwCleaner[R10].txt - [683 octets] - [26/01/2014 15:39:44]

AdwCleaner[R1].txt - [2539 octets] - [15/01/2014 12:35:35]

AdwCleaner[R2].txt - [2518 octets] - [16/01/2014 06:06:44]

AdwCleaner[R3].txt - [2639 octets] - [16/01/2014 07:10:10]

AdwCleaner[R4].txt - [2841 octets] - [16/01/2014 18:08:18]

AdwCleaner[R5].txt - [4283 octets] - [16/01/2014 18:36:33]

AdwCleaner[R6].txt - [1530 octets] - [25/01/2014 17:00:30]

AdwCleaner[R7].txt - [1650 octets] - [26/01/2014 01:49:17]

AdwCleaner[R8].txt - [1722 octets] - [26/01/2014 15:06:30]

AdwCleaner[R9].txt - [1782 octets] - [26/01/2014 15:11:32]

AdwCleaner[s0].txt - [874 octets] - [14/01/2014 08:27:27]

AdwCleaner[s1].txt - [2159 octets] - [15/01/2014 12:36:49]

AdwCleaner[s2].txt - [2589 octets] - [16/01/2014 06:07:53]

AdwCleaner[s3].txt - [2710 octets] - [16/01/2014 07:12:04]

AdwCleaner[s4].txt - [2916 octets] - [16/01/2014 18:09:47]

AdwCleaner[s5].txt - [3852 octets] - [16/01/2014 18:37:47]

AdwCleaner[s6].txt - [1595 octets] - [25/01/2014 17:03:58]

AdwCleaner[s7].txt - [1715 octets] - [26/01/2014 02:00:21]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [1762 octets] ##########

 



Link to post
Share on other sites

Oops, I made a mistake.  I ran [or thought I had ran] all of the processes you requested.  When done I could not find each of the reports [entirely my fault] so I ran them again.

 

I just checked and hopefully I have found the proper reports you requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-01-2014 01
Ran by Lewis at 2014-01-26 14:55:24 Run:1
Running from C:\Users\Lewis\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\ProgramData\boost_interprocess
C:\Users\Lewis\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Lewis\AppData\Local\Temp\Quarantine.exe
Task: {567B2931-6928-4AAA-BB37-314CF9D14C71} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
Task: {D7770647-5635-4277-8B2E-81AE11F5408D} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
End
*****************
 
 
"C:\ProgramData\boost_interprocess" directory move:
 
C:\ProgramData\boost_interprocess\20140126125251.109999\Nobu64AgentService2.8.1.10 => Moved successfully.
C:\ProgramData\boost_interprocess\20140126125251.109999\Nobu64TrayIcon2.8.1.10 => Moved successfully.
"C:\ProgramData\boost_interprocess" => Directory moved successfully.
 
C:\Users\Lewis\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{567B2931-6928-4AAA-BB37-314CF9D14C71} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{567B2931-6928-4AAA-BB37-314CF9D14C71} => Key deleted successfully.
C:\Windows\System32\Tasks\ProgramRefresh-ATFST => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7770647-5635-4277-8B2E-81AE11F5408D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7770647-5635-4277-8B2E-81AE11F5408D} => Key deleted successfully.
C:\Windows\System32\Tasks\ProgramUpdateCheck => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck => Key deleted successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
 
==== End of Fixlog ====
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.26.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Lewis :: LEWIS-PC [administrator]
 
Protection: Enabled
 
1/26/2014 2:58:46 PM
mbam-log-2014-01-26 (14-58-46).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210378
Time elapsed: 3 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
# AdwCleaner v3.017 - Report created 26/01/2014 at 15:11:32
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lewis - LEWIS-PC
# Running from : C:\Users\Lewis\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
 
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v33.0.1750.46
 
[ File : C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [810 octets] - [14/01/2014 08:25:06]
AdwCleaner[R1].txt - [2539 octets] - [15/01/2014 12:35:35]
AdwCleaner[R2].txt - [2518 octets] - [16/01/2014 06:06:44]
AdwCleaner[R3].txt - [2639 octets] - [16/01/2014 07:10:10]
AdwCleaner[R4].txt - [2841 octets] - [16/01/2014 18:08:18]
AdwCleaner[R5].txt - [4283 octets] - [16/01/2014 18:36:33]
AdwCleaner[R6].txt - [1530 octets] - [25/01/2014 17:00:30]
AdwCleaner[R7].txt - [1650 octets] - [26/01/2014 01:49:17]
AdwCleaner[R8].txt - [1722 octets] - [26/01/2014 15:06:30]
AdwCleaner[R9].txt - [1163 octets] - [26/01/2014 15:11:32]
AdwCleaner[s0].txt - [874 octets] - [14/01/2014 08:27:27]
AdwCleaner[s1].txt - [2159 octets] - [15/01/2014 12:36:49]
AdwCleaner[s2].txt - [2589 octets] - [16/01/2014 06:07:53]
AdwCleaner[s3].txt - [2710 octets] - [16/01/2014 07:12:04]
AdwCleaner[s4].txt - [2916 octets] - [16/01/2014 18:09:47]
AdwCleaner[s5].txt - [3852 octets] - [16/01/2014 18:37:47]
AdwCleaner[s6].txt - [1595 octets] - [25/01/2014 17:03:58]
AdwCleaner[s7].txt - [1715 octets] - [26/01/2014 02:00:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [1702 octets] ##########
 
 
I hope this is correct.  Please accept my apologies for any inconvenience I have caused.
 
Thank you
Link to post
Share on other sites

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 

 

  •  

     

  • Double-click SystemLook.exe to run it.

     

     

  • Copy the content of the following codebox into the main textfield:

     

     

    :folderfindboost_interprocess:regfindboost_interprocess

     

     

  • Click the Look button to start the scan.

     

     

  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

     

     

 

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites

SystemLook 30.07.11 by jpshortstuff

Log created at 17:24 on 26/01/2014 by Lewis

Administrator - Elevation successful

 

========== folderfind ==========

 

Searching for "boost_interprocess"

C:\AdwCleaner\Quarantine\C\ProgramData\boost_interprocess d------ [13:27 14/01/2014]

C:\FRST\Quarantine\boost_interprocess d------ [07:03 26/01/2014]

C:\ProgramData\Dell\Dell Datasafe Online\temp\boost_interprocess d------ [05:32 05/01/2012]

C:\Users\All Users\Dell\Dell Datasafe Online\temp\boost_interprocess d------ [05:32 05/01/2012]

 

========== regfind ==========

 

Searching for "boost_interprocess"

No data found.

 

-= EOF =-

Link to post
Share on other sites

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :FilesC:\ProgramData\Dell\Dell Datasafe Online\temp\boost_interprocessC:\Users\All Users\Dell\Dell Datasafe Online\temp\boost_interprocess:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Let me know if any remaining issues or concerns....

Link to post
Share on other sites

Here is the result of the OTM.

 

Hopefully it looks okay.

 

All processes killed
========== FILES ==========
C:\ProgramData\Dell\Dell Datasafe Online\temp\boost_interprocess folder moved successfully.
File/Folder C:\Users\All Users\Dell\Dell Datasafe Online\temp\boost_interprocess not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lewis
->Temp folder emptied: 12794 bytes
->Temporary Internet Files folder emptied: 130675 bytes
->Java cache emptied: 8196 bytes
->Google Chrome cache emptied: 126144728 bytes
->Flash cache emptied: 57978 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 340317 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 1480348 bytes
 
Total Files Cleaned = 122.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01262014_174208
 
Files moved on Reboot...
C:\Users\Lewis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lewis\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...
 
Thank you.
Link to post
Share on other sites

Yes look good to me, any remaining issues or concerns?

 

Run this please:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.79  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Internet Security   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 51  

  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  

 Adobe Reader XI  

 Google Chrome 33.0.1750.29  

 Google Chrome 33.0.1750.46  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes Anti-Exploit mbae.exe   

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast afwServ.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

 

 

With what we have done should " C:\ProgramData\Boost_Interprocess now be removed from my laptop?

 

Thank you


 
Link to post
Share on other sites

It does not show in the registry check with system look, if no registry entries it is gone.... Do this:

 

We need to remove FRST,  first it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:
 
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
 
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,
 
Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST
 

Next,

 


Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert..
Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes. You maybe asked to reboot, allow that to happen.

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


  •    
  • Remove disinfection tools

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Do those steps complete ok, any remaining tools or logs can be deleted. Is advisable to update Flash Player at your convenience...

 

Kevin

 

 

 

 

 

fixlist.txt

Link to post
Share on other sites

I am sad to say it is still present.  It appears to have more lives than my cats.  No matter how many times I delete it it seems to return. 

 

# AdwCleaner v3.017 - Report created 27/01/2014 at 04:42:42
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lewis - LEWIS-PC
# Running from : C:\Users\Lewis\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v33.0.1750.46
 
[ File : C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [810 octets] - [27/01/2014 04:40:38]
AdwCleaner[s0].txt - [736 octets] - [27/01/2014 04:42:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [795 octets] ##########
Link to post
Share on other sites

Yes I already saw those entries with FRST logs, they were removed earlier. Obviously an installed program or service replaces boost_interprocess each time we remove it. What I want you to try is a clean boot, that means to boot your system with all none MS services disabled. Keep in that mode, run AdwCleaner and remove the nuisance (yet again) then re-boot, (still in clean boot state) and see if it returns....

Is that OK, I give instructions shortly..

Link to post
Share on other sites

Apologies for the delay. Ok we start in clean boot mode....

 

Go to this link: http://support.microsoft.com/kb/929135 Expand "How to perform a clean boot" then expand the option for your operating system (Windows 7) follow those instructions.

 

When you have re-booted in the clean state run AdwCleaner and remove the nuisance, Re-boot again (still in clean boot mode) see if the nuisance returns...

Link to post
Share on other sites

Oops, I forgot to add this:

 

# AdwCleaner v3.017 - Report created 27/01/2014 at 06:20:26
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lewis - LEWIS-PC
# Running from : C:\Users\Lewis\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v33.0.1750.46
 
[ File : C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [810 octets] - [27/01/2014 04:40:38]
AdwCleaner[R1].txt - [928 octets] - [27/01/2014 05:19:56]
AdwCleaner[R2].txt - [987 octets] - [27/01/2014 06:19:42]
AdwCleaner[s0].txt - [874 octets] - [27/01/2014 04:42:42]
AdwCleaner[s1].txt - [913 octets] - [27/01/2014 06:20:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [972 octets] ##########
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.