Computer won't update

Malware Sluggish


#1
its_chele


I haven't used this laptop for a while. I loaned it to a friend while I was traveling, and when I turned it on and tried to update, it hasn't been able to do any Microsoft updates/Windows Defender. Also, my Norton had expired, so I thought maybe it was stopping it from updating, so I uninstalled it and used the Norton Removal Tool. I did a scan last week or so with Malwarebytes Adw/Cleaner and it removed some things. Still not updating and running rather slow.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2016 02
Ran by MWG (administrator) on YVONNE-PC (23-07-2016 17:38:52)
Running from C:\Users\MWG\Desktop
Loaded Profiles: MWG (Available Profiles: Yvonne & Sandra Sue & MWG & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba) C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-12-28]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-12-28]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2016-07-01]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C1312CAC-2938-47EA-B713-1E6989FE294B}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {7543A88B-BF5F-4549-A07E-E2DC54848044} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7543A88B-BF5F-4549-A07E-E2DC54848044} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {D814DCA1-B254-42A2-A9A2-BEA05A16927C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D814DCA1-B254-42A2-A9A2-BEA05A16927C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3432716916-1219727339-2741707856-1004 -> DefaultScope {7543A88B-BF5F-4549-A07E-E2DC54848044} URL =
SearchScopes: HKU\S-1-5-21-3432716916-1219727339-2741707856-1004 -> {7543A88B-BF5F-4549-A07E-E2DC54848044} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-29] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-29] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-15] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-03] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-29] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\MWG\AppData\Roaming\Mozilla\Firefox\Profiles\7uxwle11.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-3432716916-1219727339-2741707856-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MWG\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
FF Extension: Self-Destructing Cookies - C:\Users\MWG\AppData\Roaming\Mozilla\Firefox\Profiles\7uxwle11.default\Extensions\[email protected] [2016-06-21]

Chrome:
=======
CHR Profile: C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-20]
CHR Extension: (Google Docs) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-20]
CHR Extension: (Google Drive) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-06-20]
CHR Extension: (YouTube) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-20]
CHR Extension: (Google Search) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-20]
CHR Extension: (Google Sheets) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-20]
CHR Extension: (Norton Identity Safe) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-20]
CHR Extension: (Gmail) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-23 17:38 - 2016-07-23 17:45 - 00013629 _____ C:\Users\MWG\Desktop\FRST.txt
2016-07-23 17:37 - 2016-07-23 17:38 - 00000000 ____D C:\FRST
2016-07-23 17:36 - 2016-07-23 17:36 - 02394112 _____ (Farbar) C:\Users\MWG\Desktop\FRST64.exe
2016-07-23 17:18 - 2016-07-23 17:18 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieUserList
2016-07-23 17:18 - 2016-07-23 17:18 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieBrowserModeList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieUserList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieSiteList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieBrowserModeList
2016-07-23 17:11 - 2016-07-23 17:12 - 00894960 _____ C:\Users\MWG\Downloads\Norton_Removal_Tool.exe
2016-07-23 17:07 - 2016-07-23 17:07 - 00776920 _____ (Symantec Corporation) C:\Users\MWG\Downloads\SymNRT(1).exe
2016-07-23 17:04 - 2016-07-23 17:04 - 00776920 _____ (Symantec Corporation) C:\Users\MWG\Downloads\SymNRT.exe
2016-07-22 22:44 - 2016-07-22 22:44 - 00000000 ____D C:\Users\MWG\Documents\My Received Files
2016-07-10 10:07 - 2016-07-10 10:07 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-07-04 21:36 - 2016-07-04 21:36 - 00000000 ____D C:\Users\MWG\AppData\Local\CrashDumps
2016-07-01 23:29 - 2016-07-01 23:32 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Paltalk
2016-07-01 23:29 - 2016-07-01 23:29 - 00001992 _____ C:\Users\MWG\Desktop\Paltalk Messenger.lnk
2016-07-01 23:29 - 2016-07-01 23:29 - 00001222 _____ C:\Users\MWG\Desktop\Upgrade to Paltalk Extreme.lnk
2016-07-01 23:29 - 2016-07-01 23:29 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2016-07-01 23:29 - 2016-07-01 23:29 - 00000000 ____D C:\Program Files (x86)\Paltalk Messenger
2016-07-01 23:26 - 2016-07-01 23:26 - 01222600 _____ (AVM Software Inc.) C:\Users\MWG\Downloads\pal_install_u45902064_a729_r109817_p173.exe
2016-07-01 23:18 - 2016-07-02 00:24 - 00000000 ____D C:\AdwCleaner
2016-07-01 23:17 - 2016-07-01 23:17 - 03712064 _____ C:\Users\MWG\Downloads\adwcleaner.exe
2016-06-29 21:45 - 2016-07-23 16:34 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-06-29 21:45 - 2016-06-29 21:45 - 00000000 ____D C:\Program Files\Common Files\AV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-23 17:44 - 2010-10-15 13:41 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-23 17:41 - 2012-04-21 07:59 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-23 17:29 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-23 17:29 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-23 17:18 - 2016-06-20 21:47 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieSiteList
2016-07-23 17:16 - 2010-12-28 13:36 - 00000000 ____D C:\ProgramData\Norton
2016-07-23 17:16 - 2010-10-15 13:41 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-23 17:16 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-22 23:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-07-14 22:44 - 2012-04-21 07:59 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 22:44 - 2012-04-21 07:59 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 22:44 - 2011-06-04 02:11 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 21:46 - 2011-08-14 22:25 - 00000000 ____D C:\windows\system32\Macromed
2016-07-14 21:46 - 2010-10-15 13:40 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-02 00:55 - 2016-06-21 21:58 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-02 00:12 - 2013-07-30 16:31 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Yahoo!
2016-07-02 00:12 - 2012-04-20 13:28 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\Yahoo!
2016-07-02 00:12 - 2011-06-04 01:35 - 00000000 ____D C:\Users\Yvonne\AppData\Roaming\Yahoo!
2016-07-02 00:12 - 2011-06-04 01:35 - 00000000 ____D C:\Users\Yvonne\AppData\LocalLow\Yahoo!
2016-07-02 00:12 - 2011-06-04 01:34 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-06-28 20:25 - 2016-06-20 21:13 - 00000000 ____D C:\Users\MWG\AppData\Local\Deployment
2016-06-26 23:32 - 2009-07-14 01:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-26 23:32 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf

Files to move or delete:
====================
C:\Users\Yvonne\flashplayer11_b2_install_win_ax32_080811.exe


Some files in TEMP:
====================
C:\Users\MWG\AppData\Local\Temp\{A815631B-F05A-420E-914B-F8D932E168F2}-51.0.2704.103_chrome_installer.exe
C:\Users\Yvonne\AppData\Local\Temp\4F79.exe
C:\Users\Yvonne\AppData\Local\Temp\setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-08-10 13:45

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2016 02
Ran by MWG (2016-07-23 18:00:01)
Running from C:\Users\MWG\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-27 08:53:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3432716916-1219727339-2741707856-500 - Administrator - Disabled)
Guest (S-1-5-21-3432716916-1219727339-2741707856-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3432716916-1219727339-2741707856-1002 - Limited - Enabled)
MWG (S-1-5-21-3432716916-1219727339-2741707856-1004 - Administrator - Enabled) => C:\Users\MWG
Sandra Sue (S-1-5-21-3432716916-1219727339-2741707856-1003 - Limited - Enabled) => C:\Users\Sandra Sue
Yvonne (S-1-5-21-3432716916-1219727339-2741707856-1000 - Administrator - Enabled) => C:\Users\Yvonne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper 2.0.53 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.53 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.2091.0 - Motorola)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paltalk Messenger  11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.646.17836 - AVM Software Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Unity Web Player (HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\...\UnityWebPlayer) (Version: 5.2.5f1 - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {038E4B8A-B55A-4760-9B4E-796249AE0781} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {1A9EF062-2483-4C12-A73A-0EAE2670A11F} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {7558A3EF-A712-4F4B-ABF3-35E46EF22C8F} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {7FCD5747-58F2-4395-B6F5-BAC6830F9AE3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {864F6376-14FC-47B2-91C1-58B00409497B} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {C005D3A0-ABEE-44D2-8D69-C9D9EE5618A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {D3F145A7-D242-406B-99A1-E9B96BFDA1CF} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {D915A784-DDD7-422C-8C2C-0C0AAC59421D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {DB96A64B-1AC4-4338-B6F3-D0F599202F52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-08-10 15:35 - 2011-08-10 15:35 - 00227184 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-08-08 18:11 - 2011-08-08 18:11 - 00681840 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2010-04-07 20:07 - 2010-04-07 20:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 17:26 - 2009-11-03 17:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-15 13:32 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 21:38 - 2009-07-25 21:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-06-04 00:47 - 2011-02-24 21:08 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2011-07-07 16:10 - 2011-07-07 16:10 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-07-07 16:10 - 2011-07-07 16:10 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-07-07 16:12 - 2011-07-07 16:12 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-07-07 16:11 - 2011-07-07 16:11 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-07-07 16:11 - 2011-07-07 16:11 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2011-06-04 00:47 - 2011-02-15 13:15 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2011-06-04 00:47 - 2011-02-15 13:15 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2011-06-04 00:47 - 2011-02-15 13:16 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2011-06-04 00:47 - 2011-02-15 13:15 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2011-06-04 00:47 - 2011-02-15 12:25 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2011-06-04 00:47 - 2011-02-24 20:39 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2016-07-14 22:44 - 2016-07-14 22:44 - 19483328 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7FCA74BA-F136-4E24-8B65-1DAE2C5A40EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB20C4E5-739F-4FEF-9849-D5923D807933}] => (Allow) LPort=2869
FirewallRules: [{A17F1F14-DA92-474F-8B09-17ADE5CE7063}] => (Allow) LPort=1900
FirewallRules: [{67E9151E-F6F6-42A5-9CE2-3343EF13571B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{24FBD22E-FDFB-41E8-81F9-A221F15C95D6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CD72228C-F03E-42DE-9EAF-CDA168AB6CE0}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{762A0E22-3559-40A3-A729-7133688BA1C8}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{9B6526C6-F259-4D42-BEC6-AAC888175C89}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{3DAA96BC-4128-493A-A769-8D78F6A90128}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{F8CC4B92-A780-4042-B97F-21343F09CF79}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{A0D03C2D-CCC5-4403-B15D-A651506CCDB2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{33750F64-5E74-4FF8-9386-C319835C59AD}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5BE129EC-5CED-4D1C-B225-6CFF9D327298}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48CA58B9-1F68-4014-BD57-F18C94164C9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91EE6115-72EA-4E52-A49E-84D65C4AC257}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{DE025C88-985E-4A93-8914-4D9122E1743F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{604F6F94-A468-4CCB-8BF6-3CD09C2B5989}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{285BACFA-0CCF-4CD4-A1D8-92834E4CB254}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{B3E30077-1939-4CBD-9C1B-C5807AA7B28E}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe

==================== Restore Points =========================

22-01-2015 20:43:19 Windows Update
23-01-2015 22:58:12 Windows Update
24-01-2015 14:43:38 Windows Update
25-01-2015 20:21:33 Windows Update
25-01-2015 23:03:18 Windows Update
26-01-2015 22:54:48 Windows Update
20-06-2016 21:37:30 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2016 05:17:43 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
    (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (07/23/2016 04:08:52 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
    (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (07/22/2016 08:01:06 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (07/21/2016 09:15:58 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
    (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (07/20/2016 10:10:25 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
    (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (07/18/2016 10:32:24 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (07/16/2016 11:05:49 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
    (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (07/15/2016 09:22:29 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (07/14/2016 09:24:28 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
    (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (07/10/2016 10:07:32 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
    (no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)


System errors:
=============
Error: (07/23/2016 04:07:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS

Error: (07/23/2016 04:07:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/22/2016 08:00:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS

Error: (07/22/2016 08:00:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/21/2016 09:12:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS

Error: (07/21/2016 09:12:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/20/2016 10:06:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS

Error: (07/20/2016 10:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/18/2016 10:31:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS

Error: (07/18/2016 10:31:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.



==================== Memory info ===========================

Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 97%
Total physical RAM: 2939.98 MB
Available physical RAM: 79.92 MB
Total Virtual: 5878.14 MB
Available Virtual: 2973.6 MB

==================== Drives ================================

Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:174.66 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 5FBA0294)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)

==================== End of Addition.txt ============================




#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Uninstall:

Toshiba App Place (causing errors)

Java™ 6 Update 17  (Out of date)

 

Norton did not completely uninstall (normal for that sorry program)

 

Download and Save the Norton Removal Tool

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

 

Right click on it and Run As Administrator.

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


#3
its_chele

    Member

  • Topic Starter
  • Member
  • 91 posts

I have uninstalled Toshiba App Place/Java 6 & Reinstalled new java version.  Installed & ran Norton Removal Tool.  Cleared both Windows Log & Application per instructions.  Ran scan & it stated did not find anything. 

 

 

============

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/07/2016 3:07:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/07/2016 7:06:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/07/2016 6:48:24 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/07/2016 6:37:51 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.natall.rr.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/07/2016 6:30:08 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
 

 

=================

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/07/2016 3:09:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

========================

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
audiodg.exe        15,852 K    15,996 K    3892    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
BelkinService.exe        2,048 K    1,584 K    1316    BelkinService    Affinegy, Inc.    (Verified) Affinegy
cAudioFilterAgent64.exe        1,672 K    1,184 K    2360    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
hkcmd.exe        2,624 K    1,948 K    2344    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
igfxext.exe        1,472 K    1,576 K    2216    igfxext Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,156 K    1,724 K    2352    persistence Module    Intel Corporation    (Verified) Intel Corporation
igfxsrvc.exe        1,744 K    1,436 K    1972    igfxsrvc Module    Intel Corporation    (Verified) Intel Corporation
igfxtray.exe        1,812 K    1,504 K    2336    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
jusched.exe        5,200 K    4,212 K    848    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
MotoHelperAgent.exe        1,528 K    912 K    1032    MotoHelperAgent        (Verified) Motorola Mobility Inc.
MotoHelperService.exe        2,376 K    556 K    1408    MotoHelper Service        (Verified) Motorola Mobility Inc.
mscorsvw.exe        5,916 K    2,016 K    3584    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
mscorsvw.exe        4,440 K    1,968 K    3500    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
procexp.exe        2,492 K    6,820 K    3492    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
SmoothView.exe        860 K    432 K    2392    SmoothView    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
smss.exe        372 K    280 K    284    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,060 K    2,276 K    1180    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,008 K    1,964 K    308    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,740 K    1,420 K    1464    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,216 K    2,828 K    2248    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,016 K    4,320 K    3360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        10,100 K    9,288 K    1224    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        16,916 K    11,336 K    760    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,220 K    7,432 K    924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        103,952 K    14,452 K    944    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        892 K    412 K    2916    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
System Idle Process        0 K    24 K    0            
TCrdMain.exe        7,500 K    4,868 K    2400    TOSHIBA Flash Cards    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosCoSrv.exe        2,216 K    480 K    1536    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosNcCore.exe        2,012 K    1,164 K    2424    Message Center    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosReelTimeMonitor.exe        20,312 K    17,396 K    2432    Monitor of TOSHIBA ReelTime    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosSENotify.exe        3,128 K    2,240 K    2696    TosSENotify.exe.mui    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosSmartSrv.exe        2,124 K    1,784 K    2224    TosSmartSrv.exe    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TPwrMain.exe        3,072 K    792 K    2384    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
wininit.exe        1,288 K    332 K    424    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,472 K    1,468 K    488    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,000 K    364 K    1780    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
WmiPrvSE.exe        2,356 K    5,920 K    2200    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    < 0.01    4,892 K    2,396 K    1644    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
TODDSrv.exe    < 0.01    1,340 K    444 K    1500    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
SearchIndexer.exe    < 0.01    20,572 K    10,040 K    2736    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    < 0.01    2,092 K    2,536 K    384    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    13,488 K    9,716 K    932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    4,416 K    4,916 K    712    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    0.01    7,176 K    3,380 K    2004    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    118,164 K    115,124 K    876    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.02    15,616 K    15,284 K    620    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
services.exe    0.02    5,524 K    4,472 K    524    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
paltalk.exe    0.03    27,912 K    9,136 K    2688    Paltalk Messenger    AVM Software Inc.    (Verified) Paltalk.com
lsm.exe    0.04    2,404 K    1,864 K    540    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
BelkinRouterMonitor.exe    0.06    11,956 K    12,504 K    1072        Affinegy, Inc.    (Verified) Affinegy
svchost.exe    0.06    3,660 K    3,648 K    644    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.07    3,828 K    5,172 K    532    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.12    31,796 K    37,576 K    900    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
System    0.14    160 K    356 K    4            
dwm.exe    0.36    58,872 K    26,556 K    1260    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.36    2,804 K    4,600 K    432    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    0.45    2,592 K    2,380 K    1344    NService Application    Nero AG    (Verified) Nero AG
BelkinSetup.exe    0.47    31,488 K    8,704 K    3004    Belkin Setup / Router Monitor Application    Affinegy, Inc.    (Verified) Affinegy
SynTPEnh.exe    0.52    7,780 K    3,656 K    2376    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
Interrupts    0.97    0 K    0 K    n/a    Hardware Interrupts and DPCs        
firefox.exe    2.27    211,968 K    230,712 K    2288    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
procexp64.exe    4.71    24,424 K    40,664 K    1776    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
svchost.exe    89.31    1,113,424 K    1,073,628 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
 

 

Thanks!



#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
svchost.exe    89.31    1,113,424 K    1,073,628 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows

 

 

This is why it is slow.  Using almost 90% of your CPU and a gig of memory.

 

If you hover over the svchost.exe in Process Explorer it will show you which services are riding on it.  I expect it is the svchost that carries Windows Update.  

 

If you haven't rebooted you can copy the next 2 lines:

tasklist /svc > \junk.txt
notepad \junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.
 
If you have rebooted since the last Process Explorer log, just make another one and post it.

  • 0
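The lookup described in post #4, matching the PID of the busy svchost.exe from the Process Explorer log against `tasklist /svc`, as an added example that is not part of the original thread. The Process Explorer rows are copied from post #3 (tab delimiters are an assumption about the saved file); the `tasklist /svc` text is a constructed sample, so its service lists say nothing about this machine.

```python
import csv
import io

# Rows copied from the Process Explorer log in post #3 of this thread. Tab
# delimiters are an assumption about the saved file (the forum shows spaces).
PROCEXP_EXPORT = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "audiodg.exe\t\t15,852 K\t15,996 K\t3892\tWindows Audio Device Graph Isolation\tMicrosoft Corporation\t(Verified) Microsoft Windows",
    "System Idle Process\t\t0 K\t24 K\t0\t\t\t",
    "TODDSrv.exe\t< 0.01\t1,340 K\t444 K\t1500\tTDCSrv Application\tTOSHIBA Corporation\t(Verified) TOSHIBA CORPORATION",
    "svchost.exe\t0.01\t118,164 K\t115,124 K\t876\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows",
    "Interrupts\t0.97\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    "firefox.exe\t2.27\t211,968 K\t230,712 K\t2288\tFirefox\tMozilla Corporation\t(Verified) Mozilla Corporation",
    "svchost.exe\t89.31\t1,113,424 K\t1,073,628 K\t956\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows",
])

# Constructed sample of `tasklist /svc` output. The service lists are
# illustrative only and were not captured from the machine in this thread.
TASKLIST_SVC = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                    876 AudioEndpointBuilder, Netman, TrkWks
svchost.exe                    956 BITS, IKEEXT, iphlpsvc, Schedule, SENS,
                                   Themes, Winmgmt, wuauserv
firefox.exe                   2288 N/A
"""


def parse_cpu(text):
    """Blank and '< 0.01' both mean 'below display resolution': treat as 0.0."""
    text = (text or "").strip()
    if not text or text.startswith("<"):
        return 0.0
    return float(text)


def parse_kb(text):
    """Convert '1,113,424 K' to the integer 1113424 (kilobytes)."""
    return int(text.replace(",", "").replace("K", "").strip())


def parse_procexp(export):
    """Return one dict per real process; pseudo-rows without a numeric PID are skipped."""
    rows = []
    reader = csv.DictReader(io.StringIO(export), delimiter="\t", quoting=csv.QUOTE_NONE)
    for rec in reader:
        pid = (rec["PID"] or "").strip()
        if not pid.isdigit():  # e.g. the 'Interrupts' row, whose PID is 'n/a'
            continue
        rows.append({
            "image": rec["Process"].strip(),
            "pid": int(pid),
            "cpu": parse_cpu(rec["CPU"]),
            "private_kb": parse_kb(rec["Private Bytes"]),
        })
    return rows


def _split_services(text):
    return [s.strip() for s in text.split(",") if s.strip() and s.strip() != "N/A"]


def parse_tasklist_svc(output):
    """Map PID -> {'image', 'services'}; indented lines continue the previous entry."""
    lines = output.splitlines()
    sep = next(i for i, line in enumerate(lines) if line.startswith("="))
    name_width = len(lines[sep].split()[0])  # width of the Image Name column
    table, current = {}, None
    for line in lines[sep + 1:]:
        if not line.strip():
            continue
        if line[0].isspace():  # wrapped service list
            if current is not None:
                table[current]["services"] += _split_services(line)
            continue
        rest = line[name_width:].split(None, 1)
        current = int(rest[0])
        table[current] = {
            "image": line[:name_width].strip(),
            "services": _split_services(rest[1] if len(rest) > 1 else ""),
        }
    return table


def busiest_service_host(procexp_export, tasklist_output, image="svchost.exe"):
    """Find the highest-CPU instance of `image` and attach its hosted services.

    'services' is None when the PID is missing from the tasklist output or now
    belongs to another image, which is what happens when the two captures
    straddle a reboot, since PIDs are reassigned at boot.
    """
    hosts = [r for r in parse_procexp(procexp_export) if r["image"].lower() == image]
    if not hosts:
        return None
    top = max(hosts, key=lambda r: r["cpu"])
    entry = parse_tasklist_svc(tasklist_output).get(top["pid"])
    matched = entry is not None and entry["image"].lower() == image
    top["services"] = entry["services"] if matched else None
    return top


if __name__ == "__main__":
    print(busiest_service_host(PROCEXP_EXPORT, TASKLIST_SVC))
```

A `services` value of `None` means the two logs were not taken in the same boot session and both should be captured again before drawing conclusions.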

#5
its_chele

    Member

  • Topic Starter
  • Member
  • 91 posts

Sorry I had rebooted so I hope this was what you wanted :)

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
svchost.exe    86.33    1,329,568 K    1,177,836 K    924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    6.17    22,648 K    37,848 K    3384    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    1.76    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    1.56    53,896 K    23,188 K    1700    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
TosReelTimeMonitor.exe    1.39    17,096 K    7,428 K    2720    Monitor of TOSHIBA ReelTime    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
SynTPEnh.exe    0.78    7,792 K    3,788 K    2464    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
csrss.exe    0.72    2,176 K    3,872 K    432    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
BelkinSetup.exe    0.59    31,288 K    2,004 K    2948    Belkin Setup / Router Monitor Application    Affinegy, Inc.    (Verified) Affinegy
System    0.40    160 K    352 K    4            
explorer.exe    0.14    24,916 K    23,256 K    1932    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
BelkinRouterMonitor.exe    0.06    9,884 K    9,744 K    2816        Affinegy, Inc.    (Verified) Affinegy
firefox.exe    0.04    239,876 K    191,340 K    3272    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
paltalk.exe    0.01    26,812 K    6,296 K    2920    Paltalk Messenger    AVM Software Inc.    (Verified) Paltalk.com
svchost.exe    0.01    3,576 K    3,332 K    664    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    0.01    2,636 K    2,420 K    1340    NService Application    Nero AG    (Verified) Nero AG
taskhost.exe    0.01    7,080 K    3,664 K    1560    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    105,872 K    24,752 K    3448    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.01    20,324 K    10,312 K    2556    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    13,316 K    6,956 K    984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    < 0.01    6,276 K    2,840 K    1708    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
svchost.exe    < 0.01    5,716 K    4,096 K    900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,344 K    736 K    1532    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TCrdMain.exe    < 0.01    7,476 K    4,584 K    2540    TOSHIBA Flash Cards    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
igfxsrvc.exe    < 0.01    1,708 K    1,324 K    2528    igfxsrvc Module    Intel Corporation    (Verified) Intel Corporation
igfxext.exe    < 0.01    1,412 K    1,360 K    2676    igfxext Module    Intel Corporation    (Verified) Intel Corporation
wmpnetwk.exe        14,348 K    6,588 K    3496    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,376 K    4,076 K    3668    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        992 K    612 K    1804    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,464 K    1,544 K    488    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,288 K    460 K    424    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
TPwrMain.exe        3,072 K    1,764 K    2480    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosSmartSrv.exe        2,160 K    2,932 K    640    TosSmartSrv.exe    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosSENotify.exe        3,100 K    3,148 K    3596    TosSENotify.exe.mui    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosNcCore.exe        2,024 K    1,180 K    2712    Message Center    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosCoSrv.exe        2,228 K    976 K    1612    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
System Idle Process        0 K    24 K    0            
SynTPHelper.exe        888 K    516 K    2892    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        3,740 K    3,900 K    732    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        9,924 K    5,192 K    1228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        105,396 K    94,360 K    872    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        16,496 K    8,620 K    832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,456 K    4,080 K    3968    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,652 K    1,476 K    1472    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,188 K    672 K    1248    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,872 K    1,744 K    388    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,016 K    1,856 K    1188    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        368 K    364 K    284    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
SmoothView.exe        856 K    412 K    2496    SmoothView    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
services.exe        4,920 K    4,476 K    524    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
rundll32.exe        1,552 K    1,316 K    2216    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,476 K    6,808 K    3632    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
mscorsvw.exe        4,264 K    2,640 K    4000    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
mscorsvw.exe        5,520 K    3,072 K    4072    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
MotoHelperService.exe        2,376 K    1,408 K    1372    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,548 K    1,320 K    2100    MotoHelperAgent        (Verified) Motorola Mobility Inc.
lsm.exe        2,304 K    1,764 K    540    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe        3,964 K    4,056 K    532    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
jusched.exe        2,368 K    2,152 K    2940    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
igfxtray.exe        1,792 K    1,460 K    2352    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,148 K    1,624 K    2412    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,500 K    1,764 K    2388    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
csrss.exe        2,080 K    2,464 K    384    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
cAudioFilterAgent64.exe        1,672 K    1,072 K    2444    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,992 K    1,588 K    1308    BelkinService    Affinegy, Inc.    (Verified) Affinegy
 


  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I need the junk.txt file too.  It will show me which svchost is causing the problem but I need the Process Explorer log at the same time/from the same boot so I can compare PID numbers.


  • 0

#7
its_chele

    Member

  • Topic Starter
  • Member
  • 91 posts

oops here it is :)

 

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       284 N/A                                         
csrss.exe                      384 N/A                                         
wininit.exe                    424 N/A                                         
csrss.exe                      432 N/A                                         
winlogon.exe                   488 N/A                                         
services.exe                   524 N/A                                         
lsass.exe                      532 KeyIso, SamSs                               
lsm.exe                        540 N/A                                         
svchost.exe                    664 DcomLaunch, PlugPlay, Power                 
svchost.exe                    732 RpcEptMapper, RpcSs                         
svchost.exe                    832 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                    872 AudioEndpointBuilder, Netman, PcaSvc,       
                                   SysMain, TrkWks, UxSms, Wlansvc             
svchost.exe                    900 EventSystem, FontCache, netprofm, nsi,      
                                   WdiServiceHost                              
svchost.exe                    924 Appinfo, BITS, EapHost, IKEEXT, iphlpsvc,   
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
svchost.exe                    388 gpsvc                                       
svchost.exe                    984 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
spoolsv.exe                   1188 Spooler                                     
svchost.exe                   1228 BFE, DPS, MpsSvc                            
BelkinService.exe             1308 AffinegyService                             
NServiceEntry.exe             1340 DeviceMonitorService                        
MotoHelperService.exe         1372 MotoHelper                                  
svchost.exe                   1472 stisvc                                      
TODDSrv.exe                   1532 TODDSrv                                     
TosCoSrv.exe                  1612 TosCoSrv                                    
WLIDSVC.EXE                   1708 wlidsvc                                     
WLIDSVCM.EXE                  1804 N/A                                         
svchost.exe                   1248 PolicyAgent                                 
taskhost.exe                  1560 N/A                                         
dwm.exe                       1700 N/A                                         
explorer.exe                  1932 N/A                                         
MotoHelperAgent.exe           2100 N/A                                         
rundll32.exe                  2216 N/A                                         
igfxtray.exe                  2352 N/A                                         
hkcmd.exe                     2388 N/A                                         
igfxpers.exe                  2412 N/A                                         
cAudioFilterAgent64.exe       2444 N/A                                         
SynTPEnh.exe                  2464 N/A                                         
TPwrMain.exe                  2480 N/A                                         
SmoothView.exe                2496 N/A                                         
TCrdMain.exe                  2540 N/A                                         
TosNcCore.exe                 2712 N/A                                         
TosReelTimeMonitor.exe        2720 N/A                                         
SynTPHelper.exe               2892 N/A                                         
igfxext.exe                   2676 N/A                                         
igfxsrvc.exe                  2528 N/A                                         
BelkinRouterMonitor.exe       2816 N/A                                         
jusched.exe                   2940 N/A                                         
BelkinSetup.exe               2948 N/A                                         
SearchIndexer.exe             2556 WSearch                                     
firefox.exe                   3272 N/A                                         
svchost.exe                   3968 SSDPSRV, upnphost                           
mscorsvw.exe                  4000 clr_optimization_v4.0.30319_32              
mscorsvw.exe                  4072 clr_optimization_v4.0.30319_64              
svchost.exe                   3448 WinDefend                                   
wmpnetwk.exe                  3496 WMPNetworkSvc                               
TosSmartSrv.exe                640 TOSHIBA HDD SSD Alert Service               
TosSENotify.exe               3596 N/A                                         
procexp.exe                   3632 N/A                                         
procexp64.exe                 3384 N/A                                         
audiodg.exe                   3088 N/A                                         
paltalk.exe                   2456 N/A                                         
cmd.exe                        784 N/A                                         
conhost.exe                   3060 N/A                                         
tasklist.exe                  1008 N/A                                         
WmiPrvSE.exe                  3628 N/A                                         
 


  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK. As we saw from the Process Explorer log, PID 924 is eating up the CPU.

 

From the junk.txt file we get:

 

svchost.exe                    924 Appinfo, BITS, EapHost, IKEEXT, iphlpsvc,   
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    

 

Normally the wuauserv (Windows Update) is the culprit.

 

Search for

services.msc

and hit Enter.  This should open the services window.

 

Find Windows Update and click on it, then STOP the service.

 

While the service is stopped, run a Process Explorer log and see if that reduced the amount of CPU usage (System Idle should now have the largest CPU %).

 

If that is the case then copy the next line:

net stop bits & Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" & net start bits
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter.
 
Go back to the Services Window and Start Windows Update.  Make a new Process Explorer log and post it.

  • 0
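The PID cross-check RKinner describes in the post above, written out as an added example that is not part of the original thread: it joins a Process Explorer export to the junk.txt listing (which has the layout of `tasklist /svc` output) on PID, lists the services hosted by any process above a CPU threshold, and refuses to name services when the image name for that PID differs between the two logs (the "same boot" requirement). The function names, the 50% threshold and the four-space column splitting are assumptions; the sample rows are excerpted from the logs posted in this thread.

```python
import re

# Rows excerpted from the two logs posted in this thread (trimmed, values unchanged).
PROCEXP_LOG = """\
Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
svchost.exe    86.33    1,329,568 K    1,177,836 K    924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    6.17    22,648 K    37,848 K    3384    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    1.76    0 K    0 K    n/a    Hardware Interrupts and DPCs
svchost.exe    < 0.01    13,316 K    6,956 K    984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
System Idle Process        0 K    24 K    0
"""

TASKLIST_LOG = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    924 Appinfo, BITS, EapHost, IKEEXT, iphlpsvc,
                                   LanmanServer, MMCSS, ProfSvc, Schedule,
                                   SENS, ShellHWDetection, Themes, Winmgmt,
                                   wuauserv
svchost.exe                    984 CryptSvc, Dnscache, LanmanWorkstation,
                                   NlaSvc
procexp64.exe                 3384 N/A
"""

# A data row starts in column 0: image name, PID, then the service list.
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [services])}, folding wrapped service lines."""
    table, pid = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("="):
            continue
        m = ROW.match(line)
        if m:
            pid = int(m.group(2))
            table[pid] = (m.group(1), [])
            svc_text = m.group(3)
        elif pid is not None and line[0].isspace():
            svc_text = line  # indented continuation of the previous row
        else:
            continue  # column header or unrecognised line
        names = (s.strip() for s in svc_text.split(","))
        table[pid][1].extend(s for s in names if s and s != "N/A")
    return table


def parse_procexp(text):
    """Return [{image, cpu, pid}] from a Process Explorer text export.

    Assumption: columns are separated by a tab or by four spaces (as pasted
    in the thread). A blank CPU cell is read as 0.0 and "< 0.01" as 0.01.
    """
    def split(line):
        return [f.strip() for f in re.split(r"\t| {4}", line.rstrip())]

    lines = [l for l in text.splitlines() if l.strip()]
    col = {name: i for i, name in enumerate(split(lines[0]))}
    rows = []
    for line in lines[1:]:
        f = split(line)
        cpu = f[col["CPU"]].lstrip("< ")
        pid = f[col["PID"]]
        rows.append({
            "image": f[col["Process"]],
            "cpu": float(cpu) if cpu else 0.0,
            "pid": int(pid) if pid.isdigit() else None,  # "n/a" for Interrupts
        })
    return rows


def blame_services(procexp_text, tasklist_text, cpu_threshold=50.0):
    """List services hosted by every process at or above cpu_threshold percent."""
    services = parse_tasklist_svc(tasklist_text)
    findings = []
    for row in parse_procexp(procexp_text):
        if row["pid"] in (None, 0) or row["cpu"] < cpu_threshold:
            continue  # skip Interrupts, System Idle Process and quiet processes
        image, hosted = services.get(row["pid"], (None, []))
        # PIDs are reassigned across reboots: only trust the service list when
        # both logs agree on which image owns this PID.
        consistent = image is not None and image.lower() == row["image"].lower()
        findings.append({
            "pid": row["pid"],
            "image": row["image"],
            "cpu": row["cpu"],
            "pid_consistent": consistent,
            "services": list(hosted) if consistent else [],
        })
    return findings


if __name__ == "__main__":
    for f in blame_services(PROCEXP_LOG, TASKLIST_LOG):
        state = "ok" if f["pid_consistent"] else "PID mismatch, re-capture both logs"
        print(f'{f["image"]} PID {f["pid"]} {f["cpu"]}% [{state}]')
        print("  services:", ", ".join(f["services"]) or "(none)")
```
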

#9
its_chele

    Member

  • Topic Starter
  • Member
  • 91 posts

I don't know if it was what you said was using the most, but here is the new process log with Windows Update stopped.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    35.21    23,896 K    39,192 K    2984    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    21.54    0 K    24 K    0            
firefox.exe    16.23    207,316 K    167,908 K    3996    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Interrupts    6.92    0 K    0 K    n/a    Hardware Interrupts and DPCs        
SynTPEnh.exe    6.13    7,780 K    3,720 K    2088    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
dwm.exe    5.35    52,648 K    23,968 K    756    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    3.06    2,536 K    3,968 K    436    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
BelkinSetup.exe    2.98    31,004 K    2,028 K    3048    Belkin Setup / Router Monitor Application    Affinegy, Inc.    (Verified) Affinegy
System    1.05    164 K    608 K    4            
explorer.exe    0.60    30,036 K    21,936 K    504    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
BelkinRouterMonitor.exe    0.34    11,416 K    12,056 K    2700        Affinegy, Inc.    (Verified) Affinegy
wmpnetwk.exe    0.10    14,596 K    9,200 K    3716    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.09    24,836 K    24,992 K    924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
mmc.exe    0.09    22,280 K    28,308 K    3080    Microsoft Management Console    Microsoft Corporation    (Verified) Microsoft Windows
paltalk.exe    0.08    26,896 K    5,628 K    2520    Paltalk Messenger    AVM Software Inc.    (Verified) Paltalk.com
NServiceEntry.exe    0.05    2,624 K    2,420 K    1352    NService Application    Nero AG    (Verified) Nero AG
taskhost.exe    0.05    7,156 K    4,240 K    1948    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.03    3,780 K    4,372 K    520    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.03    13,548 K    7,172 K    1012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    0.02    6,216 K    2,644 K    1712    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
svchost.exe    0.02    5,840 K    4,660 K    900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    117,268 K    107,820 K    872    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    < 0.01    2,092 K    1,788 K    384    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,340 K    696 K    1568    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WLIDSVCM.EXE        1,004 K    556 K    1820    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,460 K    1,512 K    492    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,292 K    336 K    424    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
TPwrMain.exe        3,080 K    1,724 K    2096    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosSmartSrv.exe        2,152 K    1,716 K    2432    TosSmartSrv.exe    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosSENotify.exe        3,104 K    1,836 K    4080    TosSENotify.exe.mui    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosReelTimeMonitor.exe        20,212 K    17,220 K    2396    Monitor of TOSHIBA ReelTime    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosNcCore.exe        2,016 K    1,044 K    2388    Message Center    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosCoSrv.exe        2,228 K    856 K    1608    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TCrdMain.exe        7,460 K    5,512 K    2112    TOSHIBA Flash Cards    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
SynTPHelper.exe        896 K    468 K    2628    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        3,636 K    3,656 K    664    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        9,972 K    5,312 K    1240    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        107,128 K    13,992 K    3672    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,792 K    4,496 K    728    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        16,412 K    8,452 K    828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,640 K    1,352 K    1532    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,212 K    2,140 K    320    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,004 K    528 K    2028    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,536 K    2,932 K    2972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,036 K    1,848 K    1196    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        368 K    236 K    284    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
SmoothView.exe        860 K    336 K    2104    SmoothView    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
services.exe        4,812 K    4,528 K    512    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        19,472 K    6,420 K    2872    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,484 K    6,768 K    2216    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
mscorsvw.exe        7,496 K    6,832 K    3512    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
mscorsvw.exe        5,684 K    7,432 K    3440    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
MotoHelperService.exe        3,188 K    1,260 K    1392    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,544 K    1,112 K    1720    MotoHelperAgent        (Verified) Motorola Mobility Inc.
lsm.exe        2,464 K    1,820 K    528    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
jusched.exe        2,360 K    2,112 K    2720    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
igfxtray.exe        1,784 K    1,396 K    1172    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxsrvc.exe        1,796 K    2,532 K    2316    igfxsrvc Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,180 K    2,512 K    2064    persistence Module    Intel Corporation    (Verified) Intel Corporation
igfxext.exe        1,424 K    1,316 K    2816    igfxext Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,552 K    1,736 K    2056    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
cAudioFilterAgent64.exe        1,672 K    1,056 K    2072    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,996 K    1,672 K    1320    BelkinService    Affinegy, Inc.    (Verified) Affinegy

 

 

 

Then I copied the command and restarted Update. This is the new process log:

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    24.16    22,928 K    37,756 K    304    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    19.49    0 K    24 K    0            
BelkinRouterMonitor.exe    8.30    11,416 K    7,180 K    2700        Affinegy, Inc.    (Verified) Affinegy
BelkinSetup.exe    7.39    31,080 K    5,804 K    3048    Belkin Setup / Router Monitor Application    Affinegy, Inc.    (Verified) Affinegy
svchost.exe    6.65    2,268,120 K    1,593,532 K    924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    6.16    118,228 K    102,204 K    872    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    5.97    0 K    0 K    n/a    Hardware Interrupts and DPCs        
firefox.exe    5.08    190,044 K    113,968 K    3996    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
System    4.93    164 K    368 K    4            
dwm.exe    4.35    54,664 K    22,280 K    756    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
SynTPEnh.exe    2.13    7,804 K    3,512 K    2088    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
csrss.exe    1.92    2,920 K    5,416 K    436    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    1.84    2,640 K    2,404 K    1352    NService Application    Nero AG    (Verified) Nero AG
explorer.exe    0.33    34,884 K    32,064 K    504    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.29    16,816 K    9,244 K    828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.25    5,764 K    4,492 K    900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.21    3,880 K    4,084 K    520    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.21    3,804 K    3,840 K    728    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
mmc.exe    0.05    22,388 K    3,376 K    3080    Microsoft Management Console    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    0.05    2,464 K    1,724 K    528    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.05    14,724 K    7,076 K    3716    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
paltalk.exe    0.04    26,948 K    4,388 K    2520    Paltalk Messenger    AVM Software Inc.    (Verified) Paltalk.com
svchost.exe    0.04    110,172 K    3,372 K    3672    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.03    22,800 K    10,960 K    2872    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe    0.02    1,596 K    4,452 K    1452    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    0.02    7,092 K    3,484 K    1948    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    13,784 K    6,296 K    1012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    0.01    6,220 K    2,120 K    1712    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
csrss.exe    0.01    2,092 K    1,360 K    384    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
TosReelTimeMonitor.exe    < 0.01    20,880 K    5,580 K    2396    Monitor of TOSHIBA ReelTime    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TODDSrv.exe    < 0.01    1,340 K    396 K    1568    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        2,248 K    5,732 K    2964    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,004 K    304 K    1820    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,460 K    1,396 K    492    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,292 K    336 K    424    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        3,104 K    4,444 K    1360    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TPwrMain.exe        3,080 K    452 K    2096    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosSmartSrv.exe        2,152 K    752 K    2432    TosSmartSrv.exe    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosSENotify.exe        3,104 K    592 K    4080    TosSENotify.exe.mui    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosNcCore.exe        2,016 K    536 K    2388    Message Center    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TosCoSrv.exe        2,228 K    404 K    1608    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
TCrdMain.exe        7,460 K    1,428 K    2112    TOSHIBA Flash Cards    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
SynTPHelper.exe        896 K    404 K    2628    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        3,700 K    3,312 K    664    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        10,020 K    4,168 K    1240    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,524 K    2,548 K    2972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,004 K    468 K    2028    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,212 K    1,696 K    320    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,640 K    564 K    1532    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,036 K    2,112 K    1196    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        368 K    236 K    284    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
SmoothView.exe        860 K    260 K    2104    SmoothView    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
services.exe        5,020 K    4,036 K    512    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
SearchProtocolHost.exe        2,420 K    2,128 K    3228    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,492 K    6,752 K    3372    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
mscorsvw.exe        7,220 K    2,152 K    3512    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
mscorsvw.exe        5,508 K    2,416 K    3440    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
MotoHelperService.exe        3,188 K    556 K    1392    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,544 K    808 K    1720    MotoHelperAgent        (Verified) Motorola Mobility Inc.
jusched.exe        2,360 K    352 K    2720    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
igfxtray.exe        1,784 K    484 K    1172    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxsrvc.exe        1,772 K    1,024 K    2316    igfxsrvc Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,132 K    1,056 K    2064    persistence Module    Intel Corporation    (Verified) Intel Corporation
igfxext.exe        1,424 K    524 K    2816    igfxext Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,552 K    660 K    2056    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
cAudioFilterAgent64.exe        1,700 K    1,040 K    2072    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,996 K    484 K    1320    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        15,800 K    14,936 K    3852    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
 

 


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Control Panel, (View, By Large Icons), Windows Update, Change Settings
 
Change Important Updates to Check for updates but let me choose to download and Install them.  OK
 
This may stop Windows Updates from using all of your CPU & Memory.
 
Control Panel, (View, By Large Icons), Windows Update, Do you have any updates?  If so try installing just 1.  If not:
 
Control Panel, (View, By Large Icons), Windows Update, Check for Updates.  MS has made this a very slow process.  It can take 24 hours.  To speed it up and to fix update issues you can try running:
 
System Update Readiness Tool for Windows 7
 
This link is for 64 bit:
 
 
 
 
Once that runs, then if you don't have them, get KB3083710 and KB3102810.
 
 
 
Then try Windows Update again and see if you have better luck.
 
Run a new Process Explorer log.  Make sure you wait one minute before saving the log.  This allows procexp64.exe to settle back to its normal values so it doesn't appear to be using too much CPU.

  • 0
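The checks from the steps in post #10 above, as an added PowerShell example that is not part of the original post: it reads the Windows Update setting, reports whether KB3083710 and KB3102810 are installed, and prints the System Update Readiness Tool result. The registry path, the `AUOptions` values and the `CheckSUR.log` location and wording are the standard Windows 7 ones and are assumptions not stated in the thread.

```powershell
# Added example (not from the thread). Written for PowerShell 2.0, the
# version that ships with Windows 7. Run from an elevated prompt.

# 1. Windows Update setting. AUOptions = 2 corresponds to
#    "Check for updates but let me choose whether to download and install them".
#    (Assumed standard location; a Group Policy setting would live elsewhere.)
$auKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$auNames = @{
    1 = 'Never check for updates'
    2 = 'Check, but let me choose to download and install'
    3 = 'Download, but let me choose to install'
    4 = 'Install automatically'
}
$au = Get-ItemProperty -Path $auKey -Name AUOptions -ErrorAction SilentlyContinue
if ($au) {
    $value = [int]$au.AUOptions
    $label = $auNames[$value]
    if (-not $label) { $label = 'unknown value' }
    "Windows Update setting: $value ($label)"
} else {
    'Windows Update setting: AUOptions not found'
}

# 2. The two updates named in the post. Get-HotFix raises an error for a
#    missing ID, so the error is suppressed and the empty result is tested.
foreach ($kb in 'KB3083710', 'KB3102810') {
    $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    if ($hit) { "${kb}: installed" } else { "${kb}: NOT installed" }
}

# 3. Result of the System Update Readiness Tool. The log path and the
#    summary wording matched below are assumptions about the tool's output.
$surLog = Join-Path $env:windir 'Logs\CBS\CheckSUR.log'
if (Test-Path $surLog) {
    $summary = Select-String -Path $surLog -Pattern '^\s*(No errors detected|Found \d+ errors)'
    if ($summary) {
        $summary | ForEach-Object { 'CheckSUR: ' + $_.Line.Trim() }
    } else {
        'CheckSUR: log present but no summary line yet (tool may still be running)'
    }
} else {
    'CheckSUR: log not found (tool has not run or has not finished)'
}
```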



#11
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

I tried for a long time to use the tool for updates last night, didn't know if it was slow or just not working...so I started it again about 10 minutes ago...will let ya know if it seems to go or not....not sure if it is supposed to take a long time or is just not working?


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Usually takes a few hours, but if the CPU is busy doing other stuff it can take all night.


  • 0

#13
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

It is finally installing one update....just wanted to touch base...will let ya know tomorrow


  • 0

#14
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

It finally did one update with the Windows installer....but Windows Update itself says it has 125 updates...I am trying to install by the date they were issued :(  Seems a very long process!


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Did you install the other two updates I mentioned?  That usually speeds up things a bit.


  • 0





