Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Invasion of Undetectable Malware: No Idea What to Do

Windows 7 Mysterious Malware Unidentifiable Urgent Help Malwarebytes

  • Please log in to reply

#1
Waste of Space

Waste of Space

    Member

  • Member
  • PipPip
  • 29 posts

My apologies if this specific topic has already been raised, but my PC is moving so slowly I don't have the luxury of searching through the other posts in this forum before posting my own.

 

I'm using an HP Compaq dc 7600 running Windows 7 Home Premium (Service Pack 1), 64-bit.

 

At breakfast time yesterday I went online to check my emails (Yahoo Mail), then visited Yahoo Answers, Wikipedia, a gig-ticketing website and the website of the Nottingham Arena. There were no suspicious-looking emails in my inbox and if there had been I certainly wouldn't have opened them.  I shut down my PC and went out for several hours.  At lunchtime I switched the PC back on, visited the HP Customer Support website for info on how to make my printer perform better, then checked my emails again and went to Yahoo Answers.

 

While I was on Yahoo Answers, a small white pop-up appeared at the bottom right of my screen, carrying an alert which read something like 'Warning: AVG and Windows Defender are currently disabled'.  This took me by surprise on several levels: (1)  It wasn't an AVG pop-up, and even if it had been, it probably wouldn't have told me anything about Windows Defender; (2) it didn't appear to be a Microsoft pop-up, and even if it had been, it probably wouldn't have told me anything about AVG; (3) there was no apparent reason why either defence mechanism should've become disabled as stated, especially bearing in mind how innocent my browsing activities had been so far that day.

 

I smelled a rat and assumed that the pop-up had been placed on my screen in a bid to make me click on it and thereby unleash something nasty into my PC, so instead what I did was switch off my router and then switch off my PC at the wall-socket (clicking my mouse on the Start-Up button was having no effect and I wanted to shut down fast in case something was actually in the process of entering my computer).

 

I immediately started the PC back up again with the intention of running a malware scan (Malwarebytes Anti-Malware Home Premium)  -  but instead of the program taking its normal twelve minutes to run, it took an astonishing 18 hours 55 minutes and didn't succeed in detecting any suspicious objects at all, any more than it detected anything nasty incoming yesterday morning.  (SpywareBlaster didn't detect anything either.)

 

Today, my PC is doing everything very slowly and I'm gravely worried that something extremely unpleasant is lurking inside it, completely invisible to Malwarebytes.  If one of you Einsteins could throw me a rope here, I really would appreciate it. (An understatement.)

Many thanks for reading this.


Edited by Waste of Space, 04 April 2017 - 06:45 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,779 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

  • 0

#3
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

RKinner, big thanks for your input.  I followed your step-by-step advice, but the end result goes right over my head unless the word 'verified' is what we're looking for here.  I'm sincerely hoping it makes a lot more sense to you.  Needless to say, the process took a while (and I waited three minutes instead of one minute before saving the results, just to be safe).  If it still needs refining, I'll give it another go.  Your help is greatly appreciated.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe 1,192 K 364 K 1780 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
avgcsrva.exe 17,272 K 108,572 K 424 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgemca.exe 3,036 K 1,772 K 2844 AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgnsa.exe 6,872 K 8,000 K 4168 AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgrsa.exe 17,324 K 25,808 K 360 AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgsvca.exe 10,132 K 16,072 K 1820 AVG Service Process AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avguix.exe 13,188 K 15,996 K 2876 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
chrome.exe 3,868 K 8,084 K 3252 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3,908 K 9,140 K 2996 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 116,672 K 118,644 K 2960 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 82,968 K 115,440 K 2408 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 8,896 K 17,336 K 5988 Google Chrome Google Inc. (Verified) Google Inc
ctfmon.exe 2,088 K 628 K 5060 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
hkcmd.exe 2,276 K 1,512 K 2332 hkcmd Module Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 972 K 804 K 3124 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
igfxpers.exe 2,036 K 2,432 K 2372 persistence Module Intel Corporation (Verified) Intel Corporation
igfxsrvc.exe 2,188 K 2,780 K 2504 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
igfxtray.exe 2,404 K 1,468 K 2328 igfxTray Module Intel Corporation (Verified) Intel Corporation
lsm.exe 2,580 K 1,864 K 892 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
mbae.exe 5,152 K 2,176 K 3148 Malwarebytes Anti-Exploit Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 5,912 K 5,080 K 1720 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
procexp.exe 2,240 K 7,252 K 5476 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RAVBg64.exe 14,424 K 1,988 K 1452 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVCpl64.exe 8,304 K 2,164 K 2348 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 1,864 K 1,332 K 1344 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
services.exe 6,072 K 5,700 K 876 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe 520 K 284 K 260 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 2,196 K 5,856 K 5876 Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
SpotifyWebHelper.exe 1,668 K 772 K 2864 SpotifyWebHelper Spotify Ltd (Verified) Spotify AB
SSScheduler.exe 1,328 K 504 K 3344 McAfee Security Scanner Scheduler McAfee, Inc. (Verified) McAfee
svchost.exe 4,748 K 2,244 K 1880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,984 K 2,820 K 2632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,396 K 1,996 K 1248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 18,800 K 13,004 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 0 K 24 K 0
wininit.exe 1,584 K 256 K 824 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,844 K 1,504 K 800 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WINWORD.EXE 25,860 K 68,452 K 212 Microsoft Office Word Microsoft Corporation (Verified) Microsoft Corporation
WmiPrvSE.exe 5,344 K 5,356 K 4052 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 2,092 K 1,728 K 5812 Windows Update Microsoft Corporation (Verified) Microsoft Windows
mbamservice.exe < 0.01 503,496 K 348,672 K 4016 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
mbae64.exe < 0.01 1,904 K 1,536 K 1124 Malwarebytes Anti-Exploit 64bit tasks Malwarebytes Corporation (Verified) Malwarebytes Corporation
svchost.exe < 0.01 97,844 K 91,812 K 1072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,516 K 2,368 K 712 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,320 K 11,372 K 4912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 21,604 K 10,088 K 3644 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 11,612 K 11,544 K 5028 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 0.01 1,016 K 304 K 1432 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
avgui.exe 0.01 47,148 K 31,932 K 3188 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
svchost.exe 0.01 11,284 K 13,688 K 1104 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.01 12,784 K 6,560 K 2108 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 4,384 K 4,060 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.02 91,928 K 160,580 K 1392 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.02 14,888 K 10,520 K 1476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 5,012 K 6,584 K 624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AVGSvc.exe 0.02 57,200 K 38,464 K 1556 AVG Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
mbae-svc.exe 0.02 6,360 K 4,516 K 1924 Malwarebytes Anti-Exploit Service Malwarebytes Corporation (Verified) Malwarebytes Corporation
CCleaner64.exe 0.03 9,288 K 3,500 K 3460 CCleaner Piriform Ltd (Verified) Piriform Ltd
explorer.exe 0.03 34,624 K 51,204 K 2496 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.07 8,292 K 11,500 K 768 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 0.09 3,932 K 3,868 K 3356 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.12 5,156 K 6,876 K 884 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 0.14 7,208 K 5,528 K 1672 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.22 8,816 K 11,452 K 4028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.23 13,880 K 10,836 K 1700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbam.exe 0.42 31,836 K 25,548 K 3996 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
Interrupts 0.44 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.62 528 K 29,992 K 4
dwm.exe 1.93 27,216 K 36,524 K 2468 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 5.32 26,820 K 51,716 K 4172 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
AVGUI.exe 24.05 13,964 K 14,928 K 2732 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgwdsvca.exe 24.53 21,620 K 27,096 K 1852 AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
svchost.exe 41.60 54,004 K 26,072 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

Edited by Waste of Space, 04 April 2017 - 07:32 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,779 posts
  • MVP
IF you look at your Process explorer log 
AVGUI.exe 24.05 13,964 K 14,928 K 2732 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgwdsvca.exe 24.53 21,620 K 27,096 K 1852 AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
svchost.exe 41.60 54,004 K 26,072 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
 
you will see that SVCHOST.EXE is the biggest user but AVG is second and third and together they eat almost all of the CPU's time.  I can't tell why AVG has gone crazy but we can look at SVCHOST:
 
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
 
Open an Elevated Command Prompt:
 
 
(An elevated Command Prompt will show a C:\Windows\System32> prompt.  If you don't see that then you don't have an elevated command prompt)
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 

  • 0

#5
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Many thanks for bringing your brain to bear on my problem, RKinner.

 

Er.... Is what you suggest going to work when I'm using Windows 7?  It seems to relate to Windows 8.  Or am I being dumb here?  I am VERY ignorant, see.

 

Your on-going help is greatly appreciated.

 

(Thought I'd mention that I just ran CHKDSK and instead of taking about 2 minutes it took 55 minutes, including 37 minutes on 'Verifying File Data' and another 12 minutes on 'Verifying Free Space'.  Yikes.)


Edited by Waste of Space, 04 April 2017 - 10:51 AM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,779 posts
  • MVP

Sorry.  

Use this for Win 7:

 
Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 

  • 0

#7
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Hmmm, well, I had a shot and came up with this result.  Heaven knows if it's the result you were looking for  -  I wasn't entirely certain where on the screen to paste the two lines you supplied.  Although they were two separate lines on your post, they came out as all one line when I pasted them.  (Hope I'm not ruining your day here.)

 

Thanks.

 

 

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       260 N/A                                         
avgrsa.exe                     360 N/A                                         
avgcsrva.exe                   424 N/A                                         
csrss.exe                      712 N/A                                         
wininit.exe                    764 N/A                                         
csrss.exe                      772 N/A                                         
winlogon.exe                   820 N/A                                         
services.exe                   868 N/A                                         
lsass.exe                      876 KeyIso, SamSs                               
lsm.exe                        892 N/A                                         
svchost.exe                    984 DcomLaunch, PlugPlay, Power                 
svchost.exe                    628 RpcEptMapper, RpcSs                         
svchost.exe                    724 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                   1068 AudioEndpointBuilder, hidserv,              
                                   HomeGroupListener, Netman, PcaSvc, SysMain, 
                                   TrkWks, UxSms                               
svchost.exe                   1100 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost                         
svchost.exe                   1156 AeLookupSvc, Appinfo, Browser, IKEEXT,      
                                   iphlpsvc, LanmanServer, ProfSvc, Schedule,  
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
svchost.exe                   1252 gpsvc                                       
RtkAudioService64.exe         1324 RtkAudioService                             
RAVBg64.exe                   1404 N/A                                         
svchost.exe                   1428 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
AVGSvc.exe                    1524 AVG Antivirus                               
spoolsv.exe                   1656 Spooler                                     
svchost.exe                   1684 BFE, DPS, MpsSvc                            
armsvc.exe                    1772 AdobeARMservice                             
avgsvca.exe                   1812 avgsvc                                      
avgwdsvca.exe                 1904 avgwd                                       
svchost.exe                   1928 DiagTrack                                   
mbae-svc.exe                  1980 MbaeSvc                                     
mbae64.exe                    1704 N/A                                         
conhost.exe                   1468 N/A                                         
svchost.exe                   1852 stisvc                                      
taskhost.exe                  2192 N/A                                         
dwm.exe                       2360 N/A                                         
explorer.exe                  2368 N/A                                         
igfxtray.exe                  2672 N/A                                         
hkcmd.exe                     2720 N/A                                         
igfxsrvc.exe                  2728 N/A                                         
igfxpers.exe                  2736 N/A                                         
RAVCpl64.exe                  2784 N/A                                         
avguix.exe                    1520 N/A                                         
SpotifyWebHelper.exe          2608 N/A                                         
AVGUI.exe                     3140 N/A                                         
SSScheduler.exe               3428 N/A                                         
SearchIndexer.exe             3452 WSearch                                     
rundll32.exe                  3480 N/A                                         
avgnsa.exe                    3512 N/A                                         
avgemca.exe                   3520 N/A                                         
hpwuschd2.exe                 3744 N/A                                         
mbae.exe                      3992 N/A                                         
avgui.exe                     3076 N/A                                         
wmpnetwk.exe                  3476 WMPNetworkSvc                               
svchost.exe                   5056 FDResPub, SSDPSRV, upnphost                 
svchost.exe                   3048 p2pimsvc, p2psvc, PNRPsvc                   
chrome.exe                    4032 N/A                                         
chrome.exe                    4560 N/A                                         
chrome.exe                    4628 N/A                                         
chrome.exe                    4484 N/A                                         
CCleaner64.exe                2768 N/A                                         
chrome.exe                    4968 N/A                                         
ctfmon.exe                    1244 N/A                                         
wuauclt.exe                   2416 N/A                                         
WmiPrvSE.exe                  4712 N/A                                         
chrome.exe                    2656 N/A                                         
WINWORD.EXE                   4544 N/A                                         
splwow64.exe                  3316 N/A                                         
taskeng.exe                   3548 N/A                                         
HPCustPartic.exe              4140 N/A                                         
audiodg.exe                   2988 N/A                                         
cmd.exe                       1592 N/A                                         
conhost.exe                   3420 N/A                                         
tasklist.exe                  3824 N/A                                         

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,779 posts
  • MVP
svchost.exe                   1156 AeLookupSvc, Appinfo, Browser, IKEEXT,      
                                   iphlpsvc, LanmanServer, ProfSvc, Schedule,  
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv     
 

 

 

Above is the svchost.exe that is causing the trouble.  Each entry represents a separate service.  Normally the   wuauserv   (Windows Update) is the problem.  Search for:
 
services.msc
 
hit Enter.
 
Scroll down to Windows Update.  Right click on it and STOP the service.  Then go back and run Process Explorer and create a new log.  Does it still show SVCHOST.EXE (1156) at the bottom?  Post the log.

  • 0

#9
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Okay, here it is.  And I should mention, I've not been able to install any Windows Updates for almost a year now. They simply won't install.  When I looked for info on the Web about why it might be, I found a mention somewhere of a faulty Silverlight update which caused chaos on various people's computers and which might be to blame, but heaven knows whether that was the cause in my case.  All I know is, I'd quite like to install the occasional Windows update (security, crucial etc.).

 

Thank god all this stuff makes sense to you, innit.  Me, I only have a baked potato for a brain.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe 1,180 K 3,452 K 1772 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
avgcsrva.exe 17,152 K 123,688 K 424 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgemca.exe 2,680 K 7,276 K 3520 AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgnsa.exe 5,316 K 11,972 K 3512 AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avguix.exe 11,108 K 31,268 K 1520 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
chrome.exe 3,880 K 8,072 K 4560 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3,872 K 9,088 K 4628 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 219,132 K 222,672 K 4484 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 10,168 K 21,744 K 4968 Google Chrome Google Inc. (Verified) Google Inc
ctfmon.exe 2,076 K 4,188 K 1244 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
hkcmd.exe 2,268 K 4,852 K 2720 hkcmd Module Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 968 K 3,356 K 3744 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
igfxpers.exe 2,024 K 5,428 K 2736 persistence Module Intel Corporation (Verified) Intel Corporation
igfxsrvc.exe 2,180 K 5,164 K 2728 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
igfxtray.exe 2,396 K 4,956 K 2672 igfxTray Module Intel Corporation (Verified) Intel Corporation
lsass.exe 4,936 K 10,416 K 876 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
mbae.exe 5,432 K 7,344 K 3992 Malwarebytes Anti-Exploit Malwarebytes Corporation (Verified) Malwarebytes Corporation
procexp.exe 2,236 K 7,256 K 4584 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RAVBg64.exe 14,400 K 7,460 K 1404 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVCpl64.exe 8,304 K 7,772 K 2784 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 1,808 K 4,148 K 1324 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
rundll32.exe 3,860 K 8,540 K 3480 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
services.exe 6,312 K 7,284 K 868 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe 520 K 964 K 260 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 2,012 K 5,608 K 4124 Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 7,036 K 8,996 K 1656 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SpotifyWebHelper.exe 1,652 K 4,724 K 2608 SpotifyWebHelper Spotify Ltd (Verified) Spotify AB
SSScheduler.exe 1,320 K 3,404 K 3428 McAfee Security Scanner Scheduler McAfee, Inc. (Verified) McAfee
svchost.exe 3,660 K 5,552 K 1928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,856 K 4,744 K 1852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,460 K 5,120 K 1252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,408 K 7,720 K 628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 24,060 K 20,200 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 18,828 K 27,112 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,220 K 7,536 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 13,264 K 12,068 K 1684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 12,672 K 16,384 K 3048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 2,304 K 7,480 K 1124 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,588 K 3,820 K 764 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,784 K 5,492 K 820 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5,016 K 8,992 K 4712 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,428 K 6,260 K 5272 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
mbae64.exe < 0.01 1,784 K 4,384 K 1704 Malwarebytes Anti-Exploit 64bit tasks Malwarebytes Corporation (Verified) Malwarebytes Corporation
avgui.exe < 0.01 9,232 K 22,676 K 3076 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgrsa.exe < 0.01 14,628 K 25,212 K 360 AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgsvca.exe < 0.01 9,148 K 22,240 K 1812 AVG Service Process AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
WINWORD.EXE < 0.01 17,588 K 49,752 K 3468 Microsoft Office Word Microsoft Corporation (Verified) Microsoft Corporation
csrss.exe < 0.01 2,424 K 4,164 K 712 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 86,668 K 92,096 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 22,636 K 13,636 K 3452 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
conhost.exe < 0.01 1,012 K 2,300 K 1468 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 14,416 K 12,948 K 1428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 0.01 12,084 K 11,196 K 3476 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 10,088 K 17,092 K 1100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.01 12,412 K 11,968 K 2192 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
mbae-svc.exe 0.01 5,536 K 8,512 K 1980 Malwarebytes Anti-Exploit Service Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 0.02 2,556 K 3,796 K 892 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
CCleaner64.exe 0.02 10,444 K 1,600 K 2768 CCleaner Piriform Ltd (Verified) Piriform Ltd
AVGSvc.exe 0.04 52,404 K 40,960 K 1524 AVG Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
svchost.exe 0.05 8,020 K 15,684 K 5056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.05 8,048 K 16,108 K 772 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.06 30,320 K 53,536 K 2368 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.09 96,996 K 166,628 K 4032 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.26 103,720 K 149,648 K 2656 Google Chrome Google Inc. (Verified) Google Inc
Interrupts 0.49 0 K 0 K n/a Hardware Interrupts and DPCs
System 1.37 532 K 2,780 K 4
dwm.exe 2.18 27,740 K 40,192 K 2360 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 7.43 25,632 K 49,368 K 1232 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 9.82 0 K 24 K 0
AVGUI.exe 33.98 13,908 K 25,308 K 3140 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgwdsvca.exe 44.07 19,844 K 35,680 K 1904 AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ

Edited by Waste of Space, 04 April 2017 - 01:08 PM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,779 posts
  • MVP

Windows Update is part of the problem.  We will worry about it later.  Leave it off for now.

 

Download the free Avast:

 

 
Click on Download then choose the free version.
 
 
Download, Save but don't install yet.
 
Uninstall AVG
 
Reboot.
 
Right click on the downloaded Avast installer and Run As Admin.
 
Decline any offers for additional software and stick with the Basic free program.
 
Reboot.
 
Run Process Explorer again as before and make a new log.

  • 0

Advertisements


#11
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Well, that took a while. AVG seemed very reluctant to go. As for Avast, I'm hoping I've downloaded and installed the right version of the free product.  (The only additional item I was offered was a version for iPhones.)  I'm hoping I downloaded the standard version rather than something too unnecessarily huge and liable to interfere with MBAM.  And now we come to the Process Explorer log, which as usual goes right over my head.  Thank you for your patience.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
svchost.exe 49.22 312,272 K 176,864 K 1000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 28.75 0 K 24 K 0
procexp64.exe 6.57 25,704 K 50,760 K 3756 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
rundll32.exe 4.09 3,776 K 9,412 K 2272 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 2.72 7,016 K 10,844 K 1416 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 2.04 26,564 K 39,332 K 1252 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2.02 83,876 K 89,208 K 944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1.74 4,236 K 8,012 K 712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 0.85 148 K 1,032 K 4
Interrupts 0.80 0 K 0 K n/a Hardware Interrupts and DPCs
aswidsagenta.exe 0.38 12,704 K 23,692 K 4088 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
AvastSvc.exe 0.32 81,072 K 41,760 K 1212 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
taskhost.exe 0.17 7,924 K 9,760 K 2024 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.10 7,816 K 15,296 K 508 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.04 23,716 K 44,080 K 1496 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.04 4,728 K 10,160 K 612 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 18,100 K 17,896 K 896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CCleaner64.exe 0.03 9,152 K 9,560 K 2456 CCleaner Piriform Ltd (Verified) Piriform Ltd
AvastUI.exe 0.02 11,976 K 11,296 K 2296 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
mbae-svc.exe 0.01 6,052 K 10,644 K 1728 Malwarebytes Anti-Exploit Service Malwarebytes Corporation (Verified) Malwarebytes Corporation
wmpnetwk.exe 0.01 12,040 K 28,236 K 3176 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 9,720 K 14,856 K 976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.01 21,460 K 12,232 K 2784 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,476 K 12,684 K 1128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 8,816 K 16,616 K 2996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 6,300 K 7,800 K 596 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,268 K 4,288 K 444 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
conhost.exe < 0.01 1,016 K 2,532 K 1860 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
mbae64.exe < 0.01 1,636 K 4,312 K 1852 Malwarebytes Anti-Exploit 64bit tasks Malwarebytes Corporation (Verified) Malwarebytes Corporation
wuauclt.exe 2,312 K 6,700 K 4244 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,876 K 6,704 K 3956 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WINWORD.EXE 18,440 K 52,764 K 3320 Microsoft Office Word Microsoft Corporation (Verified) Microsoft Corporation
winlogon.exe 2,812 K 6,044 K 568 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,704 K 3,952 K 496 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 4,352 K 9,740 K 152 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,868 K 4,908 K 1388 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 12,432 K 13,200 K 2508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,244 K 7,744 K 808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 13,968 K 12,668 K 1460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,900 K 4,904 K 2520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,316 K 5,000 K 368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,704 K 5,836 K 1688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SSScheduler.exe 1,316 K 3,536 K 2228 McAfee Security Scanner Scheduler McAfee, Inc. (Verified) McAfee
sppsvc.exe 2,724 K 6,960 K 1160 Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows
SpotifyWebHelper.exe 1,672 K 5,316 K 2168 SpotifyWebHelper Spotify Ltd (Verified) Spotify AB
splwow64.exe 2,220 K 5,728 K 1012 Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe 556 K 1,016 K 312 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1,800 K 4,568 K 456 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVCpl64.exe 8,276 K 8,464 K 2088 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 14,408 K 8,996 K 1100 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,556 K 7,560 K 1828 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
mbae.exe 5,116 K 8,964 K 2344 Malwarebytes Anti-Exploit Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 2,556 K 3,940 K 620 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
igfxtray.exe 2,452 K 5,592 K 1616 igfxTray Module Intel Corporation (Verified) Intel Corporation
igfxsrvc.exe 2,204 K 5,376 K 2080 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
igfxpers.exe 2,012 K 5,612 K 2072 persistence Module Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 976 K 3,444 K 2336 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hkcmd.exe 2,292 K 5,456 K 1532 hkcmd Module Intel Corporation (Verified) Intel Corporation
audiodg.exe 18,828 K 14,764 K 448 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,204 K 3,696 K 1640 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
 
PS:  Uh-oh. I see that Avast has put a shortcut on my desktop for Avast Safezone Browser.  Does this mean I've inadvertently installed a version of Avast which is too much by half?  And that I should uninstall Avast altogether and try downloading it again, this time going for the 'minimal' version rather than the 'recommended' one?  I'm guessing maybe I should.  But I'll await your verdict.

Edited by Waste of Space, 05 April 2017 - 10:55 AM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,779 posts
  • MVP

The safe zone browser is a standard offering.  It's just their version of IE/Chrome/Firefox.  You can delete the shortcut if you don't want it.

 

We are back to SVCHOST.EXE as the culprit.  I assume when you rebooted that Windows Update restarted.

 

svchost.exe 49.22 312,272 K 176,864 K 1000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 28.75 0 K 24 K 0

 

 

A quick way to fix it is usually to run Windows Repair All in One:

 

Windows Repair all in one
 
 
Download it and save it then run it.
 
You can skip to step 4 or 5 where it gives you the same picture as in the above link.
 
Make sure only the following is checkecked checked before hitting Start:
 
 
 
Repair Windows Updates
 
 
Reboot when done and run Process Explorer and create another log.
 
 

  • 0

#13
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Hopefully I've done this right  -  but the All In One process didn't seem quite set up in the way I was anticipating.  Still, some repairing definitely went on (and I sincerely hope it makes some sort of major difference, because the start-up version of CHKDSK which is incorporated in the preliminary five-step procedure took 45 minutes on the D-drive and even longer on the C-drive (in fact I admitted defeat and went to bed).  The repair program was run this morning.  Here's the resulting process log.  Thanks as always.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe 1,180 K 3,576 K 1628 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
chrome.exe 4,412 K 9,608 K 5112 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4,184 K 8,208 K 2012 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 8,976 K 17,224 K 1512 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 126,768 K 129,288 K 2532 Google Chrome Google Inc. (Verified) Google Inc
hkcmd.exe 2,468 K 6,372 K 3624 hkcmd Module Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 1,272 K 4,000 K 3908 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
igfxpers.exe 2,252 K 6,356 K 3708 persistence Module Intel Corporation (Verified) Intel Corporation
igfxsrvc.exe 2,376 K 6,300 K 3648 igfxsrvc Module Intel Corporation (Verified) Intel Corporation
igfxtray.exe 2,612 K 6,576 K 1940 igfxTray Module Intel Corporation (Verified) Intel Corporation
mbae.exe 5,464 K 12,072 K 1960 Malwarebytes Anti-Exploit Malwarebytes Corporation (Verified) Malwarebytes Corporation
procexp.exe 2,528 K 7,552 K 4340 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RAVBg64.exe 14,412 K 8,372 K 1184 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVCpl64.exe 8,492 K 10,896 K 1968 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 1,820 K 4,488 K 1072 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
rundll32.exe 4,264 K 11,384 K 3924 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
services.exe 6,600 K 8,932 K 552 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe 552 K 1,044 K 312 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 2,232 K 5,680 K 4100 Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 7,080 K 12,388 K 1484 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SpotifyWebHelper.exe 1,864 K 6,152 K 456 SpotifyWebHelper Spotify Ltd (Verified) Spotify AB
SSScheduler.exe 1,532 K 4,020 K 944 McAfee Security Scanner Scheduler McAfee, Inc. (Verified) McAfee
svchost.exe 1,900 K 4,992 K 2096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,024 K 8,404 K 1840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,492 K 5,308 K 600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,224 K 14,504 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,288 K 7,972 K 720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 19,236 K 19,544 K 876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,328 K 6,080 K 3492 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,952 K 5,268 K 4216 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 12,124 K 17,100 K 4292 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,716 K 3,792 K 492 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,780 K 6,056 K 584 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WINWORD.EXE 18,028 K 53,504 K 112 Microsoft Office Word Microsoft Corporation (Verified) Microsoft Corporation
WmiPrvSE.exe 2,792 K 6,556 K 1480 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5,840 K 12,312 K 1584 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WR_Tray_Icon.exe 2,176 K 1,020 K 3856 Tweaking.com - Windows Repair Tray Icon Tweaking.com (Verified) Tweaking LLC
wuauclt.exe 2,276 K 6,720 K 1384 Windows Update Microsoft Corporation (Verified) Microsoft Windows
mbae64.exe < 0.01 1,768 K 4,376 K 1136 Malwarebytes Anti-Exploit 64bit tasks Malwarebytes Corporation (Verified) Malwarebytes Corporation
wmpnetwk.exe < 0.01 11,456 K 10,788 K 2240 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 118,568 K 121,712 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,620 K 8,172 K 812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
conhost.exe < 0.01 1,008 K 2,316 K 1768 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 30,864 K 44,960 K 360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.01 8,892 K 11,960 K 4044 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.01 43,676 K 39,988 K 2292 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,664 K 4,644 K 448 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 10,508 K 16,288 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 0.01 18,988 K 18,808 K 4128 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
aswidsagenta.exe 0.01 20,676 K 26,904 K 3428 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
lsass.exe < 0.01 5,244 K 11,096 K 596 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 35,588 K 25,192 K 1220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbae-svc.exe 0.02 6,964 K 11,048 K 1280 Malwarebytes Anti-Exploit Service Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 2,644 K 3,980 K 604 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
CCleaner64.exe 0.02 9,572 K 1,708 K 4500 CCleaner Piriform Ltd (Verified) Piriform Ltd
AvastUI.exe 0.02 14,292 K 24,632 K 3212 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
explorer.exe 0.03 24,468 K 49,616 K 2032 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 12,876 K 16,212 K 3800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.27 106,632 K 41,192 K 1404 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
chrome.exe 0.09 83,444 K 155,308 K 4152 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.06 8,284 K 15,240 K 2000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.23 77,172 K 94,688 K 4788 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.07 7,820 K 15,556 K 524 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.48 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.85 184 K 2,840 K 4
dwm.exe 3.10 27,776 K 47,140 K 3328 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 7.68 27,116 K 52,404 K 2016 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 90.60 0 K 24 K 0

Edited by Waste of Space, 06 April 2017 - 03:08 AM.

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,779 posts
  • MVP

Things are looking a lot better now.


 

System Idle Process 90.60 0 K 24 K 0

 

 

It should be close to normal speed now.

 

Let's see if there is anything else that needs fixing:

 

 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 

You may want to make the following two separate posts:
 
  •  
  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     

    • 0

    #15
    Waste of Space

    Waste of Space

      Member

    • Topic Starter
    • Member
    • PipPip
    • 29 posts

    RKinner, many thanks for the further suggestions.  I'll get back to you when I've completed all the tasks.

     

    And yes, the PC has definitely speeded up.  And yes, it's now able to download and install Windows Updates for the first time in a year or so.

     

    Glory hallelujah. Gawd bless RKinner, says I.


    Edited by Waste of Space, 06 April 2017 - 10:39 AM.

    • 0






    Similar Topics


    Also tagged with one or more of these keywords: Windows 7, Mysterious, Malware, Unidentifiable, Urgent, Help, Malwarebytes

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP