Very sluggish computer. Suspecting malware.



#46
RKinner

    Malware Expert

I see Warsaw 1.11.0.42826 is still in the uninstall list.  Please try to uninstall it first.  If it uninstalls, then reboot and then run FRST and do the fix:

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.

A fix log will be generated; please post that.

If it doesn't reboot, please tell it to.  Hopefully it will boot this time without having to do a system restore.  Then run a new FRST scan with Addition and let's see where we are.



#47
Andre Silva

    Member

  • Topic Starter

RKinner,

 

Sorry for the late reply. I'm resolving some family matters. I'll resume our work tomorrow.

 

Thank you for your patience.

 

Andre



#48
Andre Silva

    Member

  • Topic Starter

RKinner,

 

Thank you for your enormous patience. I'm back in business.

 

However, I was not able to uninstall Warsaw from Control Panel. Please see error screen shot.

 

Ready for your next instructions, please.

 

Thank you!

Attached Thumbnails

  • warsaw-error.JPG


#49
RKinner

    Malware Expert

OK.  See if you can run the fixlist in post #46

http://www.geekstogo...-4#entry2551734



#50
Andre Silva

    Member

  • Topic Starter

RKinner,

 

I'm back in business. Thanks for your enormous patience. I was traveling and could not resume our work until now. Here is the fixlog.

 

Ready for your next instructions, please. Thank you!!!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Izilda (2016-03-07 18:55:30) Run:4
Running from C:\Users\Izilda\Desktop
Loaded Profiles: Izilda (Available Profiles: Izilda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\MountPoints2: {520b7578-3f36-11e1-9d4c-806e6f6e6963} - E:\Setup.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
Tcpip\..\Interfaces\{0211F5D2-0B48-4A83-8097-2D3C20677B0B}: [DhcpNameServer] 65.32.5.111 65.32.5.112 192.168.1.1
Tcpip\..\Interfaces\{894FB0E4-5432-4A2A-B791-AB7238B6F4E2}: [DhcpNameServer] 200.142.132.32 200.220.227.57
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/bb -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-06-10] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/cef -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2015-01-17] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/uni -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-01-15] (GAS Tecnologia)
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-01-17] [not signed]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: GBBD Guardião - Itaú 30 horas - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-03-24] [not signed]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-05-04] [not signed]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2015-09-15]
CHR HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-06-19]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S4 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S4 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-02-13] (GAS Tecnologia)
S4 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-08-26] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
S4 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S4 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-01-12] (GAS Tecnologia)
S4 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S4 gbpddreg; system32\drivers\gbpddreg64.sys [X]
2016-02-13 18:21 - 2015-08-27 21:03 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-02-11 23:23 - 2015-05-04 13:34 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
C:\Users\Izilda\AppData\Local\Temp\2lj4u2du.dll
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
Task: {0EE9EEF0-21B1-45E3-B7CF-F59434679A53} - System32\Tasks\{086040D7-8B51-4901-9C99-9A59D7D1A236} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32:5B1620CE_Bb.gbp
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4

*****************

C:\Program Files (x86)\GbPlugin\gbpsv.exe => Could not close process
C:\Program Files (x86)\GbPlugin\gbpsv.exe => Could not close process
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb => key not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni => key not found.
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520b7578-3f36-11e1-9d4c-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{520b7578-3f36-11e1-9d4c-806e6f6e6963} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399008} => value removed successfully
"HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399008}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} => value removed successfully
"HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt2 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt3 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt4 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt5 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt6 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt7 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt8 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0211F5D2-0B48-4A83-8097-2D3C20677B0B}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{894FB0E4-5432-4A2A-B791-AB7238B6F4E2}\\DhcpNameServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}" => key removed successfully
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\MozillaPlugins\gastecnologia.com.br/sf/bb => key not found.
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll => not found.
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\MozillaPlugins\gastecnologia.com.br/sf/bb64" => key removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll => not found.
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\MozillaPlugins\gastecnologia.com.br/sf/cef" => key removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll => moved successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\MozillaPlugins\gastecnologia.com.br/sf/uni" => key removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll => moved successfully
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D} => value removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => moved successfully
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873} => value removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi => moved successfully
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C} => value removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => not found.
C:\Windows\SysWOW64\npDeployJava1.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei => moved successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Google\Chrome\Extensions\nnjbodopomfddehlalfilheomcahbpei" => key removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx => moved successfully
GbpSv => Unable to stop service.
GbpSv => service removed successfully
Warsaw Technology => service removed successfully
gbpddfac => service removed successfully
gbpddfac => service not found.
GbpKm => service removed successfully
GBPRCM => service removed successfully
Warsaw_PP => Service stopped successfully.
Warsaw_PP => service removed successfully
wsddfac => service removed successfully
wsddpp => service removed successfully
gbpddreg => service removed successfully
C:\Windows\system32\Drivers\gbpddfac64.sys => moved successfully
C:\Program Files (x86)\GAS Tecnologia => moved successfully
C:\Users\Izilda\AppData\Local\Temp\2lj4u2du.dll => moved successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}" => key removed successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}" => key removed successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}" => key removed successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EE9EEF0-21B1-45E3-B7CF-F59434679A53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EE9EEF0-21B1-45E3-B7CF-F59434679A53}" => key removed successfully
C:\Windows\System32\Tasks\{086040D7-8B51-4901-9C99-9A59D7D1A236} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{086040D7-8B51-4901-9C99-9A59D7D1A236}" => key removed successfully
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removed successfully.
C:\Windows\System32 => ":5B1620CE_Bb.gbp" ADS removed successfully.
"C:\Windows\system32\Drivers\gbpddfac64.sys" => ":X5ZN8aGvT4" ADS not found.
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 18:55:45 ====



#51
RKinner

    Malware Expert

I assume it survived the reboot this time.

 

Let's do a Process Explorer log and see where we stand.



#52
Andre Silva

    Member

  • Topic Starter

Yep, it survived the reboot :)

 

Here is the process log:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    56.73    0 K    24 K    0            
svchost.exe    22.46    164,356 K    172,552 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AvastSvc.exe    10.94    93,888 K    54,944 K    1864    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
HPSA_Service.exe    3.64    55,908 K    51,264 K    3252    HP Support Assistant Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
procexp64.exe    2.22    31,172 K    52,724 K    7068    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    1.29    0 K    0 K    n/a    Hardware Interrupts and DPCs        
HPSF.exe    0.78    95,724 K    87,052 K    5220    HP Support Assistant    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
System    0.50    304 K    1,172 K    4            
dwm.exe    0.37    33,672 K    32,472 K    3424    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Dropbox.exe    0.23    165,544 K    147,236 K    4504    Dropbox    Dropbox, Inc.    (Verified) Dropbox
csrss.exe    0.20    3,412 K    8,884 K    572    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.16    191,308 K    209,992 K    3272    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe    0.11    35,896 K    50,704 K    2156    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.08    35,576 K    54,232 K    1116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
RNowSvc.exe    0.07    1,904 K    4,684 K    3236    Windows Service App    Roxio    (Verified) Sonic Solutions
gbpsv.exe    0.04    32,300 K    36,832 K    924    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
WmiPrvSE.exe    0.03    3,792 K    7,608 K    3676    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.03    57,676 K    88,112 K    1660    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.02    64,916 K    101,052 K    5508    Google Chrome    Google Inc.    (Verified) Google Inc
CCC.exe    0.02    104,688 K    4,712 K    5512    Catalyst Control Center: Host application    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
AppleMobileDeviceService.exe    0.02    3,024 K    9,416 K    2624    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
chrome.exe    0.01    45,916 K    44,164 K    364    Google Chrome    Google Inc.    (Verified) Google Inc
csrss.exe    0.01    2,448 K    4,976 K    472    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
MOM.exe    0.01    40,240 K    5,300 K    3988    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    (No signature was present in the subject) Advanced Micro Devices Inc.
lsass.exe    0.01    7,556 K    15,828 K    672    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
avastui.exe    < 0.01    18,212 K    19,760 K    4968    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
SoftwareUpdate.exe    < 0.01    18,612 K    39,004 K    5176    Apple Software Update    Apple Inc.    (Verified) Apple Inc.
WUDFHost.exe    < 0.01    7,656 K    7,656 K    1568    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    < 0.01    12,444 K    18,288 K    2812    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    < 0.01    2,952 K    4,680 K    680    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    38,552 K    18,680 K    4752    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    4,500 K    8,364 K    972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
YCMMirage.exe    < 0.01    1,748 K    1,024 K    5100    YouCam Mirage    CyberLink    (Verified) CyberLink
svchost.exe    < 0.01    17,596 K    19,284 K    1724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
ezSharedSvcHost.exe    < 0.01    1,572 K    5,468 K    2972    Shared EasyBits services for Windows    EasyBits Software AS    (Verified) EasyBits Software AS
WLIDSVC.EXE    < 0.01    8,232 K    15,656 K    3400    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
svchost.exe    < 0.01    4,000 K    7,120 K    4780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    9,676 K    14,840 K    1068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    < 0.01    6,336 K    9,544 K    484    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
HPConnectionManager.exe    < 0.01    82,028 K    89,984 K    6140    HPConnectionManager    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
svchost.exe    < 0.01    53,844 K    35,916 K    2828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
stacsv64.exe    < 0.01    12,920 K    9,000 K    1156    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
SynTPEnh.exe    < 0.01    9,228 K    13,220 K    4204    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
hpservice.exe    < 0.01    1,824 K    4,952 K    1424    HpService    Hewlett-Packard Company    (Verified) Microsoft Windows Hardware Compatibility Publisher
WR_Tray_Icon.exe        2,036 K    1,160 K    5592    Tweaking.com - Windows Repair Tray Icon    Tweaking.com    (Verified) Tweaking LLC
WmiPrvSE.exe        8,832 K    15,096 K    3712    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,836 K    6,360 K    5792    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,528 K    3,624 K    3596    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        3,124 K    7,620 K    644    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,664 K    4,668 K    548    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,112 K    5,676 K    4100    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,208 K    6,044 K    4880    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        6,284 K    11,324 K    5048    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TrueSuiteService.exe        1,756 K    5,408 K    880    HP Service    HP    (Verified) AuthenTec
TouchControl.exe        4,484 K    13,376 K    2880    TouchControl    HP    (Verified) AuthenTec
TeamViewer_Service.exe        5,392 K    13,484 K    3356    TeamViewer 10    TeamViewer GmbH    (Verified) TeamViewer
taskeng.exe        2,004 K    5,508 K    2020    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,412 K    6,424 K    4960    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,484 K    6,312 K    5560    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
SZDrvSvc.exe        1,536 K    4,904 K    3320    SZDrvSvc    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
SynTPHelper.exe        1,592 K    3,788 K    4952    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        14,948 K    16,012 K    1820    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,104 K    10,532 K    792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        24,564 K    21,980 K    476    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,160 K    7,108 K    1656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,820 K    6,024 K    1292    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,768 K    11,392 K    2932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,084 K    5,736 K    3288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sttray64.exe        9,124 K    19,808 K    4244    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe        9,248 K    15,144 K    2000    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        568 K    1,240 K    328    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,256 K    11,524 K    604    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
rundll32.exe        2,100 K    6,484 K    4064    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
RIconMan.exe        2,508 K    6,108 K    2912    Realtek Card Reader Icon Tool.    Realsil Microelectronics Inc.    (No signature was present in the subject) Realsil Microelectronics Inc.
procexp.exe        2,460 K    7,740 K    7040    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        36,840 K    38,332 K    3460    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
PMBDeviceInfoProvider.exe        1,440 K    4,732 K    3216    Device Information Provider    Sony Corporation    (Verified) Sony Corporation
notepad.exe        2,072 K    6,884 K    1844    Notepad    Microsoft Corporation    (Verified) Microsoft Windows
NitroPDFReaderDriverService3x64.exe        1,672 K    4,012 K    3168    Nitro PDF Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
NitroPDFDriverServicex64.exe        1,608 K    3,988 K    3120    Solid Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
jusched.exe        2,360 K    5,540 K    4712    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
HPWMISVC.exe        1,352 K    4,016 K    2648    HP Quick Launch WMI Service    Hewlett-Packard Development Company, L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
hpqWmiEx.exe        3,960 K    8,672 K    5092    HP Software Framework WMI Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
hpCMSrv.exe        4,016 K    9,160 K    5780    HP Connection Manager Service    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
HPClientServices.exe        3,988 K    8,232 K    2148    HP Client Services    Hewlett-Packard Company    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
GWX.exe        4,104 K    1,568 K    3012    GWX    Microsoft Corporation    (Verified) Microsoft Windows
GoogleUpdate.exe        2,332 K    2,448 K    4344    Google Installer    Google Inc.    (Verified) Google Inc
gbpsv.exe        24,372 K    24,396 K    3364    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
Fuel.Service.exe        4,824 K    10,160 K    2564    AMD Fuel Service    Advanced Micro Devices, Inc.    (No signature was present in the subject) Advanced Micro Devices, Inc.
DropboxUpdate.exe        2,528 K    3,128 K    4352    Dropbox Update    Dropbox, Inc.    (Verified) Dropbox
chrome.exe        25,208 K    54,712 K    2924    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        47,552 K    81,144 K    5868    Google Chrome    Google Inc.    (Verified) Google Inc
BioMonitor.exe        1,544 K    5,196 K    3628    BioMonitor    HP    (Verified) AuthenTec
audiodg.exe        16,892 K    17,276 K    1220    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,736 K    4,580 K    120    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        2,616 K    6,820 K    1432    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe        1,240 K    4,056 K    2096    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AESTSr64.exe        1,324 K    3,032 K    2180    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
AdobeARM.exe        4,676 K    13,072 K    4644    Adobe Reader and Acrobat Manager    Adobe Systems Incorporated    (Verified) Adobe Systems
ABRTMon.exe        4,760 K    9,016 K    4444    ABRTMon    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
 


  • 0

#53
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

svchost.exe    22.46

 

Hit Space bar and then hover over the top svchost.exe and it should tell you what services are running on it.  Usually it's Windows Update causing the problem.  Do you see it in the list?

 

If so, search for services.msc and hit Enter.  It should bring up the Services menu.  Find Windows Update and right click on it and select Properties.  Hit Stop which should stop the service then run a new Process Explorer log and let's see if that helped.


  • 0
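The same check from a PowerShell prompt, as an added example that is not part of RKinner's post: it finds the svchost.exe instance using the most CPU, lists the services hosted in it, and stops Windows Update only if that service is among them. The function names are made up for this sketch; it assumes an elevated prompt and uses Get-WmiObject so that it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell window.

function Get-BusiestSvchost {
    # Formatted performance data has one instance per process: svchost, svchost#1, ...
    # PercentProcessorTime is used here only to rank the instances against each other.
    Get-WmiObject Win32_PerfFormattedData_PerfProc_Process -Filter "Name LIKE 'svchost%'" |
        Sort-Object PercentProcessorTime -Descending |
        Select-Object -First 1
}

function Get-HostedService([int]$ProcessId) {
    # Win32_Service.ProcessId ties each running service to the svchost.exe that hosts it,
    # which is the list Process Explorer shows in the tooltip.
    Get-WmiObject Win32_Service -Filter "ProcessId = $ProcessId" |
        Sort-Object Name
}

$busiest = Get-BusiestSvchost
Write-Host ("Busiest svchost.exe: PID {0}, {1}% processor time" -f `
    $busiest.IDProcess, $busiest.PercentProcessorTime)

$hosted = @(Get-HostedService $busiest.IDProcess)
$hosted | Format-Table Name, DisplayName, State -AutoSize | Out-Host

# wuauserv is the service name behind the "Windows Update" display name.
if ($hosted | Where-Object { $_.Name -eq 'wuauserv' }) {
    # Same effect as Properties > Stop in services.msc: the startup type is untouched,
    # so the service can be started again afterwards.
    Stop-Service -Name wuauserv
    Start-Sleep -Seconds 10

    $after = Get-BusiestSvchost
    Write-Host ("After stopping wuauserv: PID {0}, {1}% processor time" -f `
        $after.IDProcess, $after.PercentProcessorTime)
} else {
    Write-Host "Windows Update (wuauserv) is not hosted in PID $($busiest.IDProcess); review the services listed above."
}
```

`tasklist /svc /fi "imagename eq svchost.exe"` gives the PID-to-service mapping for every svchost.exe instance in one listing if only the lookup is needed.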

#54
Andre Silva

Andre Silva

    Member

  • Topic Starter
  • Member
  • 140 posts

OK. I ran Services and stopped Windows Update. Here is new process log:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    94.76    0 K    24 K    0            
procexp64.exe    2.02    33,644 K    54,560 K    7976    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    0.95    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    0.40    34,508 K    31,280 K    3424    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
System    0.33    316 K    1,684 K    4            
SynTPEnh.exe    0.33    9,228 K    13,468 K    4204    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
firefox.exe    0.29    224,536 K    251,052 K    3272    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    0.25    3,480 K    9,284 K    572    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
Dropbox.exe    0.18    173,444 K    156,412 K    4504    Dropbox    Dropbox, Inc.    (Verified) Dropbox
avastui.exe    0.08    19,500 K    26,104 K    4968    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.08    35,656 K    51,432 K    1116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.06    43,660 K    64,496 K    2156    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
gbpsv.exe    0.04    32,328 K    36,872 K    924    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
lsass.exe    0.04    7,624 K    15,928 K    672    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
CCC.exe    0.04    104,232 K    21,584 K    5512    Catalyst Control Center: Host application    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
AvastSvc.exe    0.03    98,536 K    41,192 K    1864    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
WmiPrvSE.exe    0.03    3,900 K    7,920 K    3676    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.02    37,384 K    63,116 K    5220    Google Chrome    Google Inc.    (Verified) Google Inc
MOM.exe    0.01    40,240 K    7,704 K    3988    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    (No signature was present in the subject) Advanced Micro Devices Inc.
chrome.exe    0.01    35,300 K    27,964 K    6304    Google Chrome    Google Inc.    (Verified) Google Inc
svchost.exe    0.01    5,104 K    10,508 K    792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AppleMobileDeviceService.exe    < 0.01    3,076 K    9,452 K    2624    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
YCMMirage.exe    < 0.01    1,748 K    748 K    5100    YouCam Mirage    CyberLink    (Verified) CyberLink
taskhost.exe    < 0.01    13,404 K    19,148 K    2812    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    49,540 K    41,208 K    4752    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
ezSharedSvcHost.exe    < 0.01    1,572 K    5,436 K    2972    Shared EasyBits services for Windows    EasyBits Software AS    (Verified) EasyBits Software AS
svchost.exe    < 0.01    18,044 K    20,732 K    1724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    4,100 K    7,164 K    4780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    10,112 K    16,012 K    1068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    < 0.01    8,216 K    15,636 K    3400    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
svchost.exe    < 0.01    179,896 K    188,520 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WUDFHost.exe    < 0.01    7,660 K    7,660 K    1568    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
HPSA_Service.exe    < 0.01    44,756 K    45,808 K    3252    HP Support Assistant Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
HPConnectionManager.exe    < 0.01    80,880 K    88,888 K    6140    HPConnectionManager    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
stacsv64.exe    < 0.01    12,976 K    9,068 K    1156    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
gbpsv.exe    < 0.01    24,344 K    24,316 K    3364    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
svchost.exe    < 0.01    55,564 K    38,148 K    2828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
hpservice.exe    < 0.01    1,824 K    4,948 K    1424    HpService    Hewlett-Packard Company    (Verified) Microsoft Windows Hardware Compatibility Publisher
WR_Tray_Icon.exe        2,036 K    568 K    5592    Tweaking.com - Windows Repair Tray Icon    Tweaking.com    (Verified) Tweaking LLC
wmpnetwk.exe        7,396 K    7,984 K    484    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        10,416 K    16,844 K    3712    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,528 K    3,624 K    3596    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        3,284 K    7,780 K    644    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,664 K    4,668 K    548    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,472 K    6,352 K    4880    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,140 K    5,884 K    4100    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        6,324 K    11,360 K    5048    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TrueSuiteService.exe        1,756 K    5,396 K    880    HP Service    HP    (Verified) AuthenTec
TouchControl.exe        4,484 K    13,380 K    2880    TouchControl    HP    (Verified) AuthenTec
TeamViewer_Service.exe        5,392 K    13,480 K    3356    TeamViewer 10    TeamViewer GmbH    (Verified) TeamViewer
taskeng.exe        2,468 K    6,680 K    4960    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,432 K    6,376 K    5560    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
SZDrvSvc.exe        1,536 K    4,904 K    3320    SZDrvSvc    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
SynTPHelper.exe        1,592 K    3,784 K    4952    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        15,464 K    16,536 K    1820    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        25,024 K    21,820 K    476    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,916 K    8,808 K    972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,160 K    7,108 K    1656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,300 K    6,556 K    3288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,928 K    6,096 K    1292    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,364 K    11,952 K    2932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sttray64.exe        9,124 K    19,804 K    4244    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe        9,196 K    15,124 K    2000    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        568 K    1,240 K    328    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,376 K    11,716 K    604    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
rundll32.exe        2,100 K    6,484 K    4064    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
RNowSvc.exe        2,156 K    4,912 K    3236    Windows Service App    Roxio    (Verified) Sonic Solutions
RIconMan.exe        2,508 K    6,108 K    2912    Realtek Card Reader Icon Tool.    Realsil Microelectronics Inc.    (No signature was present in the subject) Realsil Microelectronics Inc.
procexp.exe        2,460 K    7,768 K    8040    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        36,840 K    38,340 K    3460    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
PMBDeviceInfoProvider.exe        1,440 K    4,728 K    3216    Device Information Provider    Sony Corporation    (Verified) Sony Corporation
NitroPDFReaderDriverService3x64.exe        1,672 K    4,012 K    3168    Nitro PDF Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
NitroPDFDriverServicex64.exe        1,608 K    3,988 K    3120    Solid Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
lsm.exe        2,960 K    4,708 K    680    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
jusched.exe        2,360 K    5,532 K    4712    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
HPWMISVC.exe        1,352 K    4,016 K    2648    HP Quick Launch WMI Service    Hewlett-Packard Development Company, L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
hpqWmiEx.exe        3,960 K    8,660 K    5092    HP Software Framework WMI Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
hpCMSrv.exe        4,020 K    9,172 K    5780    HP Connection Manager Service    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
HPClientServices.exe        3,992 K    8,248 K    2148    HP Client Services    Hewlett-Packard Company    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
GWX.exe        4,104 K    1,928 K    3012    GWX    Microsoft Corporation    (Verified) Microsoft Windows
GoogleUpdate.exe        2,336 K    2,568 K    4344    Google Installer    Google Inc.    (Verified) Google Inc
Fuel.Service.exe        4,824 K    10,160 K    2564    AMD Fuel Service    Advanced Micro Devices, Inc.    (No signature was present in the subject) Advanced Micro Devices, Inc.
explorer.exe        29,156 K    34,900 K    6360    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
DropboxUpdate.exe        2,592 K    3,160 K    4352    Dropbox Update    Dropbox, Inc.    (Verified) Dropbox
csrss.exe        2,732 K    5,244 K    472    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe        42,992 K    74,628 K    8056    Google Chrome    Google Inc.    (Verified) Google Inc
BioMonitor.exe        1,544 K    5,196 K    3628    BioMonitor    HP    (Verified) AuthenTec
audiodg.exe        17,048 K    17,052 K    6624    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,736 K    4,580 K    120    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        2,616 K    6,844 K    1432    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe        1,240 K    4,052 K    2096    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AESTSr64.exe        1,324 K    3,028 K    2180    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
AdobeARM.exe        4,676 K    13,068 K    4644    Adobe Reader and Acrobat Manager    Adobe Systems Incorporated    (Verified) Adobe Systems
ABRTMon.exe        4,760 K    9,004 K    4444    ABRTMon    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
 

Attached Thumbnails

  • svchost.png

  • 0

#55
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  It was the culprit.  Should be fairly quick now.

 

Go in and START Windows Update and see if it still stays high.

 

See if you can run the System Update Readiness

 

https://support.micr...en-us/kb/947821


  • 0
