User Tag List

Possible Infections

This is a discussion on Possible Infections within the Resolved HJT Threads forums, part of the Tech Support Forum category. Having a lot of problem with high cpu usage and hang ups with all browsers. Ran Sfc everything ok Ran


 
 
Thread Tools Search this Thread
Old 03-09-2017, 05:54 AM   #1
Registered Member
 
Join Date: Nov 2007
Posts: 31
OS: vista



Having a lot of problem with high cpu usage and hang ups with all browsers.
Ran Sfc everything ok
Ran Dirm Same
noticed ten or so host processes running

Any help would be appreciated

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Owner at 8:36:51 on 2017-03-09
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8107.4886 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ibtsiva.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SysWoW64\esif_uf.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\NIS.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\NIS.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\WINDOWS\system32\igfxEM.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\IE\YI3KZ4Y2\SymDiag.exe
C:\Users\Owner\AppData\Local\Temp\STSFX4F32\SymDiagUi4.exe
C:\Users\Owner\AppData\Local\Temp\STSFX4F32\NativeApiClientx64.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uLocal Page = %11%\blank.htm
BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine32\22.9.0.71\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine32\22.9.0.71\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine32\22.9.0.71\coieplg.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{be972c2d-acac-422e-8f61-e32edb583955} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{be972c2d-acac-422e-8f61-e32edb583955} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{be972c2d-acac-422e-8f61-e32edb583955}\1347576666F6C646D616E6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{be972c2d-acac-422e-8f61-e32edb583955}\1347576666F6C646D616E6 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\coIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\coIEPlg.dll
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2017-2-2 48992]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\NISx64\1609000.047\symefasi64.sys [2017-3-3 1716896]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-2-2 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-2-2 227328]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\22.8.0.50\Definitions\BASHDefs\20170306.003\BHDrvx64.sys [2017-3-6 1874136]
R1 ccSet_NIS;NIS Settings Manager;C:\WINDOWS\System32\drivers\NISx64\1609000.047\ccsetx64.sys [2017-3-3 174240]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 GUBootStartup;GUBootStartup;C:\WINDOWS\System32\drivers\GUBootStartup.sys [2017-3-8 20160]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\22.8.0.50\Definitions\IPSDefs\20170308.003\IDSviA64.sys [2017-3-9 1038024]
R1 SMR510;Symantec SMR Utility Service 5.1.0;C:\WINDOWS\System32\drivers\SMR510.SYS [2017-3-9 120024]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NISx64\1609000.047\ironx64.sys [2017-3-3 291480]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NISx64\1609000.047\symnets.sys [2017-3-3 567512]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_5f7b0;CDPUserSvc_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 esifsvc;ESIF Upper Framework Service;C:\Windows\SysWOW64\esif_uf.exe [2015-11-21 1392792]
R2 FoxitReaderService;Foxit Reader Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-3-8 1659592]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2017-1-30 382456]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.71\nis.exe [2017-3-3 326160]
R2 OneSyncSvc_5f7b0;Sync Host_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2017-2-2 312056]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-2-2 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2016-12-27 3732896]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-2-2 249856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2015-11-21 19440]
R3 dptf_acpi;dptf_acpi;C:\WINDOWS\System32\drivers\dptf_acpi.sys [2015-11-21 57304]
R3 dptf_cpu;dptf_cpu;C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-11-21 52200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-3-1 156824]
R3 esif_lf;esif_lf;C:\WINDOWS\System32\drivers\esif_lf.sys [2015-11-21 260072]
R3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
R3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2017-1-13 253696]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2016-12-13 7923464]
R3 PimIndexMaintenanceSvc_5f7b0;Contact Data_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 SensorsHIDClassDriver;UMDF Reflector service for Sensors HID Class Driver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-11-21 42600]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 UnistoreSvc_5f7b0;User Data Storage_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_5f7b0;User Data Access_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 VirtualButtons;Intel(R) Virtual Buttons;C:\WINDOWS\System32\drivers\VirtualButtons.sys [2015-11-21 31280]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-2-2 719360]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NISx64\1609000.047\symelam.sys [2017-3-3 24616]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-2-2 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-7 31776]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-2-2 64352]
S3 MessagingService_5f7b0;MessagingService_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-12-27 268704]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PSKMAD;PSKMAD;C:\WINDOWS\System32\drivers\PSKMAD.sys [2017-2-8 50320]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 semav6msr64;semav6msr64;C:\WINDOWS\System32\drivers\semav6msr64.sys [2017-1-31 21984]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-2-2 1312768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-2-2 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2016-3-28 54784]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_5f7b0;Windows Push Notifications User Service_5f7b0;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-2-2 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-2-2 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-03-08 12:16:22 20160 ----a-w- C:\WINDOWS\System32\drivers\GUBootStartup.sys
2017-03-08 12:16:21 -------- d-----w- C:\Users\Owner\AppData\Roaming\DiskDefrag
2017-03-08 12:02:21 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2017-03-08 11:48:55 -------- d-----w- C:\Users\Owner\AppData\Local\Diagnostics
2017-03-07 15:58:02 -------- d-----w- C:\Users\Owner\Doctor Web
2017-03-03 13:00:03 567512 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\symnets.sys
2017-03-03 13:00:03 24616 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\symelam.sys
2017-03-03 13:00:03 1716896 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\symefasi64.sys
2017-03-03 13:00:02 760992 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\srtsp64.sys
2017-03-03 13:00:02 49312 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\srtspx64.sys
2017-03-03 13:00:02 291480 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\ironx64.sys
2017-03-03 13:00:02 174240 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1609000.047\ccsetx64.sys
2017-03-03 12:59:37 -------- d-----w- C:\WINDOWS\System32\drivers\NISx64\1609000.047
2017-03-02 12:55:58 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2017-02-27 01:12:40 -------- d-----w- C:\Users\Owner\Roaming
2017-02-27 01:12:40 -------- d-----w- C:\ProgramData\Roaming
2017-02-27 01:11:37 -------- d-----w- C:\Program Files\Common Files\Intel
2017-02-26 16:05:19 -------- d-----w- C:\FRST
2017-02-25 12:08:19 -------- d-----w- C:\Users\Owner\AppData\Local\Adobe
2017-02-24 14:32:06 -------- d-----w- C:\WINDOWS\System32\DAX2
2017-02-24 14:31:27 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2017-02-22 23:42:01 -------- d-----w- C:\Users\Owner\AppData\Local\Apple
2017-02-22 21:25:24 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2017-02-22 21:20:22 -------- d-----w- C:\AdwCleaner
2017-02-21 14:38:22 -------- d-----w- C:\Users\Owner\AppData\Local\NetworkTiles
2017-02-21 10:35:40 -------- d-s---w- C:\WINDOWS\SysWow64\Microsoft
2017-02-21 10:31:51 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2017-02-21 10:21:22 -------- d-----w- C:\Users\Owner\AppData\Local\CrashDumps
2017-02-21 10:21:13 -------- d-----w- C:\Users\Owner\AppData\Roaming\Intel
2017-02-21 10:19:18 35792 ----a-w- C:\WINDOWS\System32\RegBootDefrag.exe
2017-02-21 10:13:39 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2017-02-21 10:13:36 -------- d-----w- C:\Users\Owner\AppData\Local\MicrosoftEdge
2017-02-17 19:47:47 -------- d-----w- C:\Program Files (x86)\Panda Security
2017-02-17 15:45:07 -------- d-----w- C:\Program Files\Reason
2017-02-16 05:24:02 40213960 ----a-w- C:\WINDOWS\System32\igdumdim64.dll
2017-02-16 05:24:02 39246776 ----a-w- C:\WINDOWS\SysWow64\igdumdim32.dll
2017-02-16 05:21:52 93200 ----a-w- C:\WINDOWS\System32\igfxDHLib.dll
2017-02-15 00:42:32 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2017-02-13 23:37:52 -------- d--h--w- C:\ProgramData\Common Files
2017-02-13 23:37:51 -------- d-----w- C:\Users\Owner\AppData\Local\AvgSetupLog
2017-02-12 09:25:52 -------- d-----w- C:\ProgramData\RogueKiller
2017-02-08 14:07:04 -------- d-----w- C:\Users\Owner\AppData\Local\ESET
2017-02-08 13:48:13 -------- d-----w- C:\EEK
2017-02-08 12:48:36 50320 ----a-w- C:\WINDOWS\System32\drivers\PSKMAD.sys
2017-02-08 12:48:30 39672 ----a-w- C:\WINDOWS\System32\drivers\DasPtct.SYS
2017-02-08 12:29:33 -------- d-----w- C:\ProgramData\HitmanPro
2017-02-08 11:02:22 -------- d--h--w- C:\OneDriveTemp
.
==================== Find3M ====================
.
2017-03-09 09:16:43 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-03 13:00:05 102608 ----a-w- C:\WINDOWS\System32\drivers\SYMEVENT64x86.SYS
2017-02-16 14:01:45 200 ----a-w- C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-02-16 05:21:52 765456 ----a-w- C:\WINDOWS\System32\igfxDH.dll
2017-02-06 19:48:07 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-02-06 19:48:07 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-02-05 15:26:28 58696 ----a-w- C:\WINDOWS\SysWow64\AOLParconLink.exe
2017-02-02 20:10:57 896512 ----a-w- C:\WINDOWS\SysWow64\fontext.dll
2017-02-02 19:50:01 3753984 ----a-w- C:\WINDOWS\System32\bootux.dll
2017-02-02 19:50:01 199008 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2017-02-02 17:24:30 0 ----a-w- C:\WINDOWS\System32\GfxValDisplayLog.bin
2017-01-31 02:18:54 635904 ------w- C:\WINDOWS\SysWow64\mqsnap.dll
2017-01-31 02:18:54 14848 ------w- C:\WINDOWS\SysWow64\mqcertui.dll
2017-01-30 18:08:52 212488 ----a-w- C:\WINDOWS\System32\igfxCoIn_v4531.dll
2017-01-30 18:08:47 5799386 ----a-w- C:\WINDOWS\System32\igdclbif.bin
2017-01-30 18:08:43 511260 ----a-w- C:\WINDOWS\System32\cp_resources.bin
2017-01-30 1829 3942864 ----a-w- C:\WINDOWS\System32\LogiLDA.DLL
2017-01-30 1829 2468304 ----a-w- C:\WINDOWS\System32\LdaCx2.dll
2017-01-30 02:03:04 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-RBR5GP3_defaultuser0_HistoryPrediction.bin
2017-01-20 14:04:58 7923464 ----a-w- C:\WINDOWS\System32\drivers\Netwtw04.sys
2017-01-13 22:44:12 379136 ----a-w- C:\WINDOWS\System32\ibtproppage.dll
2017-01-13 22:44:12 253696 ----a-w- C:\WINDOWS\System32\drivers\ibtusb.sys
2017-01-13 22:44:12 184064 ----a-w- C:\WINDOWS\System32\ibtsiva.exe
2016-12-27 08:32:50 4270496 ----a-w- C:\WINDOWS\System32\wlihvui.dll
2016-12-27 08:32:48 2540448 ----a-w- C:\WINDOWS\System32\iwmssvc.dll
2016-12-21 07:08:04 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2016-12-21 04:44:06 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
.
============= FINISH: 8:40:37.81 ===============
Attached Files
File Type: txt attach.txt (13.6 KB, 14 views)
File Type: txt dds.txt (30.3 KB, 14 views)
maineearle is offline  
Sponsored Links
Advertisement
 
Old 03-09-2017, 02:33 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

CCleaner
COMODO Registry Cleaner
Glary Utilities


We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling COMODO Registry Cleaner and Glary Utilities via Programs and Features(right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-10-2017, 03:43 AM   #3
Registered Member
 
Join Date: Nov 2007
Posts: 31
OS: vista



Thanks for your response
Attached Files
File Type: txt AdwCleaner[C0].txt (1.5 KB, 14 views)
File Type: txt Addition.txt (25.1 KB, 12 views)
maineearle is offline  
Sponsored Links
Advertisement
 
Old 03-11-2017, 04:14 PM   #4
Registered Member
 
Join Date: Nov 2007
Posts: 31
OS: vista



Looks like I didn't send the right logs
Attached Files
File Type: txt Addition.txt (25.1 KB, 10 views)
File Type: txt FRST.txt (1.57 MB, 13 views)
File Type: txt AdwCleaner[C0].txt (1.5 KB, 12 views)
maineearle is offline  
Old 03-11-2017, 05:42 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello maineearle. Did you read my suggestions about the registry cleaners?

I'm not seeing any sign of infection in your logs. It appears your problems are beyond malware.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {1D7E3FED-CEF1-49CE-A17E-B92828A5CEFC} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
    Task: {2A95FEFA-B8D9-49C9-B69F-D0C8DB56754D} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
    Task: {2C627407-2B6F-427F-BDF7-64EF4EE26AE4} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {4FE72451-BBDE-42FF-A3F0-EDF13080B67D} - \Microsoft\Windows\Customer Experience Improvement Program\Uploader -> No File <==== ATTENTION
    Task: {54BC9C80-EB82-4345-8F98-5A4AECCFFD7A} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater -> No File <==== ATTENTION
    Task: {736DCBF9-B63E-4959-939A-33E5E3842896} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
    Task: {985C6800-0B58-46A3-A923-0354399FE897} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
    Task: {E4C2F91C-D04C-48C3-8417-2CE8AECF28D7} - System32\Tasks\{33F3B46B-B75F-4A87-A700-E1E114C63B53} => pcalua.exe -a C:\Users\Owner\Desktop\VIRUS\Rootkit_Detective.exe -d C:\Users\Owner\Desktop\VIRUS
    Task: {E714720E-ED4F-4201-B44D-9F3846F0290B} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report -> No File <==== ATTENTION
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-12-2017, 10:26 AM   #6
Registered Member
 
Join Date: Nov 2007
Posts: 31
OS: vista



Read your suggestions and will apply them.

I do not see a Fixlog.txt. Did I do something wrong?

Attached what I have

Saved my personal files but did not initiate a restart until I hear from you
Attached Files
File Type: txt Addition.txt (24.1 KB, 13 views)
File Type: txt FRST.txt (1.40 MB, 12 views)
maineearle is offline  
Old 03-12-2017, 06:10 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, maineearle. It appears you selected Scan instead of Fix in the last step. Please follow those last steps again.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-13-2017, 07:48 AM   #8
Registered Member
 
Join Date: Nov 2007
Posts: 31
OS: vista



Thanks again
Attached Files
File Type: txt Fixlog.txt (6.4 KB, 14 views)
maineearle is offline  
Old 03-14-2017, 06:56 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, maineearle. You're very welcome.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-15-2017, 08:27 AM   #10
Registered Member
 
Join Date: Nov 2007
Posts: 31
OS: vista



Sorry it is taken so long
Attached Files
File Type: txt ESET.txt (658 Bytes, 10 views)
File Type: txt MBAM.txt (1.0 KB, 12 views)
maineearle is offline  
Old 03-16-2017, 01:47 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, maineearle. It appears your problems are beyond malware.

I suggest you seek expert advice in one of our other Forums

Let them know you were here first and were cleared of malware.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-17-2017, 05:17 PM   #12
Registered Member
 
Join Date: Nov 2007
Posts: 31
OS: vista



Thank you for all your efforts
maineearle is offline  
Old 03-18-2017, 08:17 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome. Hope you get it all sorted.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why a low-level threat can open the door for serious infections
Why a low-level threat can open the door for serious infections
JMH3143 Computer Security News 0 06-29-2015 09:42 PM
Scan showed 23+ Trojan Infections
Hello everyone, First off, I would like to say thank you to everyone who helps out on these forums. Your efforts help save us a lot of time, headaches and money trying to resolves these issues! A co-worker was having problems with his laptop after clicking a link and asked if I could help...
calex_uo Resolved HJT Threads 45 09-03-2014 09:35 AM
Back up now! Warning over new wave of Filecoder infections hitting U.S.
Back up now! Warning over new wave of Filecoder infections hitting U.S. - We Live Security
JMH3143 Computer Security News 1 11-12-2013 06:15 PM
Removing & Fixing Facebook Redirecting infections
When I tried to login into my Facebook account , the user page suddenly redirected me to ''hxxp://www.facebook.com/advertising'' ! I can only access to the settings and logout. The password is correct , but the problem is i can't access to my profile and homepage! Can you tell me why ? & how to fix...
Minwer Mac Support 5 09-28-2012 04:44 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 11:45 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts