trojan.generickd

infection found using esisoft

#46
RKinner, Malware Expert

Can you do a Process Explorer log?

Get Process Explorer

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Also VEW logs.

Did you ever run Speedy Fox?

#47
gregahoffman, Member (Topic Starter)

Never used Speedy Fox.

First log:

Process CPU Private Bytes Working Set PID Verified Signer
System Idle Process 92.55 0 K 24 K 0
procexp64.exe 3.17 34,900 K 56,948 K 12704 (Verified) Microsoft Corporation
dllhost.exe 0.82 2,396 K 6,000 K 15068 (Verified) Microsoft Windows
SynTPEnh.exe 0.80 10,348 K 16,912 K 2452 (Verified) Synaptics Incorporated
Interrupts 0.64 0 K 0 K n/a
csrss.exe 0.33 15,096 K 12,744 K 636 (Verified) Microsoft Windows
System 0.32 416 K 10,236 K 4
svchost.exe 0.23 185,076 K 196,964 K 900 (Verified) Microsoft Windows
explorer.exe 0.16 52,728 K 82,340 K 1924 (Verified) Microsoft Windows
svchost.exe 0.16 40,480 K 60,180 K 1064 (Verified) Microsoft Windows
AVGUI.exe 0.16 23,716 K 50,032 K 2064 (Verified) AVG Technologies CZ
AVGSvc.exe 0.13 131,712 K 40,960 K 1756 (Verified) AVG Technologies CZ
chrome.exe 0.07 73,756 K 129,112 K 13012 (Verified) Google Inc
aswidsagenta.exe 0.07 27,968 K 41,932 K 6280 (Verified) AVG Technologies CZ
svchost.exe 0.06 7,636 K 11,636 K 128 (Verified) Microsoft Windows
WmiPrvSE.exe 0.06 5,852 K 11,796 K 5144 (Verified) Microsoft Windows
LMS.exe 0.04 3,516 K 6,084 K 7400 (Verified) Intel Corporation
svchost.exe 0.03 6,536 K 12,576 K 884 (Verified) Microsoft Windows
IAStorDataMgrSvc.exe 0.03 23,780 K 21,968 K 3928 (Verified) Intel Corporation
lsass.exe 0.02 6,760 K 15,476 K 756 (Verified) Microsoft Windows
svchost.exe 0.02 9,360 K 16,396 K 3744 (Verified) Microsoft Windows
WiMAXCU.exe 0.02 44,232 K 50,616 K 2592 (No signature was present in the subject) Intel® Corporation
svchost.exe 0.01 16,748 K 19,232 K 1532 (Verified) Microsoft Windows
taskhost.exe 0.01 8,096 K 11,996 K 1732 (Verified) Microsoft Windows
MobileService.exe 0.01 28,180 K 36,112 K 4148 (Verified) Seagate Technology LLC
services.exe 0.01 8,892 K 15,304 K 748 (Verified) Microsoft Windows
ftnlsv.exe 0.01 1,872 K 4,284 K 3768 (Verified) FabulaTech
vmwsprrdpwks.exe 0.01 2,672 K 6,344 K 4348 (Verified) FabulaTech
ftscanmgr.exe 0.01 5,268 K 8,440 K 3864 (Verified) FabulaTech
csrss.exe 0.01 3,296 K 6,036 K 540 (Verified) Microsoft Windows
igfxpers.exe < 0.01 3,544 K 10,048 K 2756 (Verified) Intel Corporation
svchost.exe < 0.01 13,312 K 21,096 K 1040 (Verified) Microsoft Windows
audiodg.exe < 0.01 16,956 K 17,680 K 16136 (Verified) Microsoft Windows
avguix.exe < 0.01 9,708 K 27,944 K 2472 (Verified) AVG Technologies CZ
Seagate.Dashboard.Uploader.exe < 0.01 27,988 K 43,432 K 3024 (Verified) Seagate Technology LLC
AppSrv.exe < 0.01 5,676 K 8,740 K 4452 (No signature was present in the subject) Intel® Corporation
HPOSD.exe < 0.01 8,068 K 11,280 K 2444 (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
ezSharedSvcHost.exe < 0.01 1,556 K 5,504 K 3556 (Certificate expired) EasyBits Software AS
svchost.exe < 0.01 13,304 K 17,688 K 6112 (Verified) Microsoft Windows
vmware-usbarbitrator64.exe < 0.01 3,832 K 8,604 K 4972 (Verified) VMware
chrome.exe < 0.01 91,252 K 130,476 K 5432 (Verified) Google Inc
SearchIndexer.exe < 0.01 33,172 K 23,044 K 4656 (Verified) Microsoft Windows
vmware-view-usbd.exe < 0.01 3,412 K 7,660 K 1292 (Verified) VMware
YCMMirage.exe < 0.01 1,576 K 736 K 3392 (Verified) CyberLink
IAStorIcon.exe < 0.01 27,776 K 24,568 K 2572 (Verified) Intel Corporation
wmpnetwk.exe < 0.01 8,000 K 11,340 K 4512 (Verified) Microsoft Windows
svchost.exe < 0.01 17,648 K 19,932 K 1672 (Verified) Microsoft Windows
HPConnectionManager.exe < 0.01 79,924 K 90,180 K 6656 (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
HPMSGSVC.exe < 0.01 1,212 K 4,376 K 1288 (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
lsm.exe < 0.01 2,996 K 4,900 K 768 (Verified) Microsoft Windows
stacsv64.exe < 0.01 13,016 K 9,208 K 1112 (Verified) Microsoft Windows Hardware Compatibility Publisher
ScanToPCActivationApp.exe < 0.01 5,844 K 12,588 K 2988 (Verified) Hewlett Packard
HPNetworkCommunicator.exe < 0.01 3,216 K 8,076 K 3228 (Verified) Hewlett Packard
hpservice.exe < 0.01 1,764 K 5,000 K 1444 (Verified) Hewlett-Packard Company
wsnm.exe 4,520 K 10,124 K 4768 (Verified) VMware
WR_Tray_Icon.exe 1,704 K 1,372 K 6924 (Verified) Tweaking LLC
WmiPrvSE.exe 9,744 K 16,592 K 5648 (Verified) Microsoft Windows
wlanext.exe 10,208 K 20,456 K 1764 (Verified) Microsoft Windows
winlogon.exe 4,036 K 8,584 K 696 (Verified) Microsoft Windows
wininit.exe 1,692 K 4,752 K 644 (Verified) Microsoft Windows
unsecapp.exe 1,844 K 5,576 K 4304 (Verified) Microsoft Windows
unsecapp.exe 1,916 K 5,940 K 4392 (Verified) Microsoft Windows
UNS.exe 3,384 K 7,800 K 7872 (Verified) Intel Corporation
TrueSuiteService.exe 3,068 K 6,784 K 972 (Verified) AuthenTec
TouchControl.exe 3,896 K 12,680 K 1848 (Verified) AuthenTec
taskeng.exe 3,232 K 7,204 K 3916 (Verified) Microsoft Windows
taskeng.exe 3,216 K 7,104 K 6892 (Verified) Microsoft Windows
SynTPHelper.exe 1,296 K 3,168 K 6372 (Verified) Synaptics Incorporated
svchost.exe 25,456 K 24,064 K 416 (Verified) Microsoft Windows
svchost.exe 2,996 K 6,496 K 1376 (Verified) Microsoft Windows
svchost.exe 6,024 K 11,708 K 4316 (Verified) Microsoft Windows
svchost.exe 6,400 K 12,504 K 3252 (Verified) Microsoft Windows
svchost.exe 2,676 K 6,352 K 6020 (Verified) Microsoft Windows
svchost.exe 1,956 K 4,828 K 8040 (Verified) Microsoft Windows
sttray64.exe 8,708 K 19,020 K 2840 (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 7,436 K 14,056 K 1488 (Verified) Microsoft Windows
smss.exe 588 K 1,280 K 372 (Verified) Microsoft Windows
Seagate.Dashboard.DASWindowsService.exe 29,544 K 37,116 K 2364 (Verified) Seagate Technology LLC
RNowSvc.exe 2,848 K 5,612 K 532 (Verified) Sonic Solutions
RegSrvc.exe 2,396 K 7,000 K 3948 (Verified) Intel Corporation - Mobile Wireless Group
procexp.exe 3,644 K 8,912 K 7412 (Verified) Microsoft Corporation
nusb3mon.exe 1,764 K 5,196 K 2428 (Verified) Renesas Electronics Corporation
igfxtray.exe 2,708 K 6,864 K 2684 (Verified) Intel Corporation
iFrmewrk.exe 10,280 K 21,888 K 2528 (Verified) Intel Corporation - Mobile Wireless Group
HPSupportSolutionsFrameworkService.exe 34,104 K 29,948 K 7060 (Verified) HP Inc.
hpqWmiEx.exe 4,592 K 9,464 K 6324 (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
hpCMSrv.exe 4,560 K 10,052 K 2060 (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
HPClientServices.exe 3,980 K 8,444 K 3132 (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
hpCaslNotification.exe 32,636 K 5,232 K 7788 (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
hkcmd.exe 2,472 K 6,604 K 2728 (Verified) Intel Corporation
EvtEng.exe 9,336 K 16,788 K 3456 (Verified) Intel Corporation - Mobile Wireless Group
dwm.exe 2,116 K 6,380 K 1916 (Verified) Microsoft Windows
DMAgent.exe 6,244 K 9,376 K 4860 (No signature was present in the subject) Red Bend Ltd.
DeviceAgent.exe 26,268 K 30,300 K 5512 (Verified) Seagate Technology LLC
DBAgent.exe 5,936 K 18,940 K 2972 (Verified) Seagate Technology LLC
CryptoPreventMonSvc.exe 59,108 K 61,484 K 2360 (Verified) Foolish IT LLC
conhost.exe 1,088 K 3,032 K 1776 (Verified) Microsoft Windows
chrome.exe 13,148 K 60,348 K 11912 (Verified) Google Inc
chrome.exe 70,792 K 109,092 K 524 (Verified) Google Inc
chrome.exe 2,660 K 5,908 K 12552 (Verified) Google Inc
chrome.exe 4,332 K 6,864 K 14112 (Verified) Google Inc
BioMonitor.exe 1,308 K 4,620 K 2004 (Verified) AuthenTec
avgsvca.exe 11,176 K 29,504 K 2420 (Verified) AVG Technologies CZ
atiesrxx.exe 1,692 K 4,644 K 556 (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,308 K 6,580 K 1468 (Verified) Microsoft Windows Hardware Compatibility Publisher
aspnet_state.exe 2,596 K 6,480 K 2272 (Verified) Microsoft Corporation
armsvc.exe 1,228 K 4,136 K 2076 (Verified) Adobe Systems
AESTSr64.exe 1,288 K 3,092 K 2244 (Verified) Microsoft Windows Hardware Compatibility Publisher
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/09/2017 12:10:39 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/09/2017 5:35:30 PM
Type: Error Category: 0
Event: 1013 Source: MsiInstaller
Product: Intel® PROSet/Wireless WiMAX Software -- A newer product version is already installed.
 
Log: 'Application' Date/Time: 08/09/2017 5:35:28 PM
Type: Error Category: 0
Event: 1013 Source: MsiInstaller
Product: Intel® PROSet/Wireless WiMAX Software -- A newer product version is already installed.
 
Log: 'Application' Date/Time: 08/09/2017 5:35:24 PM
Type: Error Category: 0
Event: 1013 Source: MsiInstaller
Product: Intel® PROSet/Wireless WiMAX Software -- A newer product version is already installed.
 
Log: 'Application' Date/Time: 08/09/2017 5:35:21 PM
Type: Error Category: 0
Event: 1013 Source: MsiInstaller
Product: Intel® PROSet/Wireless WiMAX Software -- A newer product version is already installed.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/09/2017 6:00:09 AM
Type: Warning Category: 0
Event: 0 Source: HP Client Services
The event description cannot be found.
 
Log: 'Application' Date/Time: 10/09/2017 6:00:09 AM
Type: Warning Category: 0
Event: 0 Source: HP Client Services
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/09/2017 5:01:27 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-2642546764-1993480236-4026764921-1001:
Process 1664 (\Device\HarddiskVolume2\Program Files (x86)\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2642546764-1993480236-4026764921-1001
Process 980 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2642546764-1993480236-4026764921-1001
 
 
Log: 'Application' Date/Time: 08/09/2017 5:15:06 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2642546764-1993480236-4026764921-1001_Classes:
Process 4260 (\Device\HarddiskVolume2\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2642546764-1993480236-4026764921-1001_CLASSES
 
 
Log: 'Application' Date/Time: 08/09/2017 5:15:02 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-2642546764-1993480236-4026764921-1001:
Process 756 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2642546764-1993480236-4026764921-1001
Process 4260 (\Device\HarddiskVolume2\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2642546764-1993480236-4026764921-1001
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/09/2017 12:11:31 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/09/2017 5:01:35 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/09/2017 5:01:35 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 09/09/2017 4:45:56 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name adrbyzfxmwseq.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/09/2017 2:14:24 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name apps.facebook.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/09/2017 5:15:31 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 08/09/2017 5:15:31 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 

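A triage script for the Process Explorer log above, added here as an example and not part of this thread: it parses the pasted "File, Save As" output (with the tab separators collapsed to single spaces, as the forum shows it) and separates images whose signature verified from those with no, expired or revoked signatures, which is what the Verified Signer column was switched on for in #46. The column layout and the sample rows are taken from the log above; the helper names and the regular expression are mine.

```python
import re

# Row layout of a Process Explorer "File, Save As" export after a forum paste has collapsed
# the tab separators to single spaces (as in the log above). Assumptions: the CPU column may be
# absent or "< 0.01", PID may be "n/a", and the signer column reads "(status) Publisher".
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+(?:(?P<lt><\s*)?(?P<cpu>\d+\.\d+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<ws>[\d,]+) K\s+(?P<pid>\d+|n/a)"
    r"(?:\s+\((?P<status>.+?)\)\s+(?P<signer>.*?))?\s*$"
)
PSEUDO = {"System", "System Idle Process", "Interrupts"}  # kernel pseudo-processes, never signed

# Constructed sample: a handful of rows copied from the log posted above.
SAMPLE = """\
Process CPU Private Bytes Working Set PID Verified Signer
System Idle Process 92.55 0 K 24 K 0
procexp64.exe 3.17 34,900 K 56,948 K 12704 (Verified) Microsoft Corporation
Interrupts 0.64 0 K 0 K n/a
System 0.32 416 K 10,236 K 4
WiMAXCU.exe 0.02 44,232 K 50,616 K 2592 (No signature was present in the subject) Intel® Corporation
HPOSD.exe < 0.01 8,068 K 11,280 K 2444 (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
ezSharedSvcHost.exe < 0.01 1,556 K 5,504 K 3556 (Certificate expired) EasyBits Software AS
wsnm.exe 4,520 K 10,124 K 4768 (Verified) VMware
"""

def parse_procexp(text):
    """Parse the pasted export into dicts, skipping the header and any line that does not fit."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header or a mangled line: leave it for a human rather than guess
        d = m.groupdict()
        d["cpu"] = float(d["cpu"]) if d["cpu"] else 0.0   # "< 0.01" is recorded as its bound
        d["private_kb"] = int(d.pop("private").replace(",", ""))
        d["ws_kb"] = int(d.pop("ws").replace(",", ""))
        rows.append(d)
    return rows

def triage(rows):
    """Split real processes into verified-signature rows and rows that need a manual look."""
    verified, review = [], []
    for r in rows:
        if r["name"] in PSEUDO:
            continue
        (verified if r["status"] == "Verified" else review).append(r)
    # review = no signature, expired or revoked certificate, or no signer column at all:
    # not proof of infection, but these are the images to check by full path and hash.
    return verified, review
```

Run `triage(parse_procexp(SAMPLE))` to get the two lists; on the full log the same call lists every image Process Explorer could not verify.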

#48
RKinner, Malware Expert

Do run Speedy Fox:

Download and run Speedy Fox: http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize.


#49
gregahoffman, Member (Topic Starter)

Done, I'll try it a bit.



#50
gregahoffman, Member (Topic Starter)

Speedy Fox helps when my internet is connected. Still having the connect/disconnect problem. Went to the HP website and downloaded and installed the wireless driver for the Centrino but still have the same problem.



#51
RKinner, Malware Expert

Let's clean up the IE restricted site list since all of your browsers will use it and it is known to slow things down.

Download deldomain.zip

Right click and Extract All, Extract. Right click on deldomain.inf and install.

If that doesn't help you might want to try a second wireless adapter. They aren't very expensive. Amazon has one:

Edimax EW-7811Un 150Mbps 11n Wi-Fi USB Adapter, Nano Size Lets You Plug it and Forget it, Ideal for Raspberry Pi / Pi2, Supports Windows, Mac OS, Linux (Black/Gold)

I've used them and they work quite nicely.


#52
gregahoffman, Member (Topic Starter)

I'll try this domain thing and see how it goes.

Thank you.

If the problem persists, is there a way to try and do a repair with the installation disc without losing anything that I already have on my comp?


Edited by gregahoffman, 15 September 2017 - 09:56 AM.


#53
RKinner, Malware Expert

I just thought of something else to try. Go on to your router and change the encryption to WEP or none and see if it works then. I once had a problem with WPA encryption on an old laptop. It could do it but kept dropping. I switched the router to WEP and the problem went away. (A sign that the wireless driver or the adapter needs updating)

