
Programs are not responding/ or they freeze.

not responding can not open can not find items saved


#1
Betty Boopster

  • Member
  • 58 posts

Hello,

 

I was working with a representative regarding Malware on my husband's laptop. It was suggested that I bring my problem here as well. My laptop will start loading a site in a tab, but it doesn't always open. I will get a message that so--&--so is not responding. Do you want to end or wait for the program to respond. The only thing besides closing the tab, is to do a "clear browser data". I usually do this browser clear almost every day. The laptop will start to go slower or erratically.

I believe that these attachments will be what you need.  The 1st 2 are just showing you what I am dealing with.   

Thank you.

I will copy and paste further list or logs you may request.

 

Attached Thumbnails

  • Not Responding.JPG
  • Not Responding with dialog box.JPG

  • 0


#2
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello Betty Boopster and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'll have a look over the logs and post further instructions. :)

  • 0

#3
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi BettyBoopster

Please run the following FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.
Attached File: fixlist.txt (3.67KB)
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.jpg
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    Important: Please disable your Anti Virus

    Then Run AdwCleaner


    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner1.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on Tools then options
    adwcleaner2.jpg
    tick to reset -
    IE policies
    Chrome policies
    Chrome preferences
  • Click OK.
  • Please click Clean button.
  • When cleaning is finished, you may be prompted to restart your computer. Do so.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.

    Things for your next post:
  • fixlog.txt
  • AdwCleaner[C*].txt
  • How is the computer running now?

  • 0

#4
Betty Boopster

  • Topic Starter
  • Member
  • 58 posts
This computer is going nuts tonight, since I started to do the files. I wish I could have gotten screen shots, but it just kept going to one screen and another so on, and so on. When it finally stopped misbehaving my files that I pasted disappeared. If I missed a file let me know, I did save them, even the Addition.txt and FRST.txt. They did disappear but they finally came back after I reposted them here. The last couple of days though, booting has gotten really slow. After the date and time come up it takes a minute for the welcome page to come up so I can sign into windows. After Adware Log came up, the reboot took a good 5 minutes.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018
Ran by bettytboop1 (12-03-2018 21:30:01) Run:1
Running from C:\Users\bettytboop1\Desktop
Loaded Profiles: bettytboop1 (Available Profiles: bettytboop1 & Bob)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll No File
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension => not found
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - <no Path/update_url>
Task: {0332A998-98EE-4120-B3A2-763ECA6C0CD2} - \RocketTab -> No File <==== ATTENTION
Task: {0B9657B8-9F56-4170-AE9E-E5CD63AEBA0F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {12AB644D-5F3D-4AD0-A337-34D3ECE62E39} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {60A8939A-142C-4FAD-ACF4-540068231247} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6154942D-FE9B-4CA7-B6D3-D65C8F5AECD8} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {89763051-7A80-4863-AF21-0368B2E58DC8} - \WPD\SqmUpload_S-1-5-21-2603603667-3828293561-2438258599-1002 -> No File <==== ATTENTION
Task: {8BB497D2-481E-4931-A373-C9AE57C945DE} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {8DF59AD2-EF27-40C3-BA0D-E5AAE059DCB6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9072FF12-B19F-43CC-9B62-0808E769E628} - \WPD\SqmUpload_S-1-5-21-2603603667-3828293561-2438258599-1005 -> No File <==== ATTENTION
Task: {AD38E2CB-41AB-4D94-9F95-AE3EAB40A616} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B577C219-A92F-42ED-8391-6DBFDED71D0E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BAAF685C-C4B3-4F52-AB36-48466E3DC3A7} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - bettytboop1) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {BAD62D12-2FAD-41E4-AB81-885BB6BA074F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C4D1FADB-1546-4546-A3E1-A90186D84186} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C6BF181B-377F-4AF8-9495-DA2CE7ED6356} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C6F6564F-2578-4375-94D0-7F8DEA781C72} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E5CAE373-B47A-4965-9ED1-4C7CD3C3018B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FC07826C-0D72-4402-91DD-281FEEF583FC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - bettytboop1).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
C:\Program Files\SlimCleaner Plus
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts: 
EmptyTemp:
 
*****************
 
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\Software\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\tmbp" => removed successfully
"HKLM\Software\Classes\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}" => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{c2056674-a37f-4b29-9300-2004759d74fe}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{c2056674-a37f-4b29-9300-2004759d74fe}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0332A998-98EE-4120-B3A2-763ECA6C0CD2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0332A998-98EE-4120-B3A2-763ECA6C0CD2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B9657B8-9F56-4170-AE9E-E5CD63AEBA0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B9657B8-9F56-4170-AE9E-E5CD63AEBA0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12AB644D-5F3D-4AD0-A337-34D3ECE62E39}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12AB644D-5F3D-4AD0-A337-34D3ECE62E39}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A8939A-142C-4FAD-ACF4-540068231247}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A8939A-142C-4FAD-ACF4-540068231247}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6154942D-FE9B-4CA7-B6D3-D65C8F5AECD8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6154942D-FE9B-4CA7-B6D3-D65C8F5AECD8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89763051-7A80-4863-AF21-0368B2E58DC8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89763051-7A80-4863-AF21-0368B2E58DC8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2603603667-3828293561-2438258599-1002" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8BB497D2-481E-4931-A373-C9AE57C945DE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BB497D2-481E-4931-A373-C9AE57C945DE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DF59AD2-EF27-40C3-BA0D-E5AAE059DCB6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DF59AD2-EF27-40C3-BA0D-E5AAE059DCB6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9072FF12-B19F-43CC-9B62-0808E769E628}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9072FF12-B19F-43CC-9B62-0808E769E628}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2603603667-3828293561-2438258599-1005" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD38E2CB-41AB-4D94-9F95-AE3EAB40A616}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD38E2CB-41AB-4D94-9F95-AE3EAB40A616}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B577C219-A92F-42ED-8391-6DBFDED71D0E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B577C219-A92F-42ED-8391-6DBFDED71D0E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAAF685C-C4B3-4F52-AB36-48466E3DC3A7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAAF685C-C4B3-4F52-AB36-48466E3DC3A7}" => removed successfully
C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - bettytboop1) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - bettytboop1)" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAD62D12-2FAD-41E4-AB81-885BB6BA074F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAD62D12-2FAD-41E4-AB81-885BB6BA074F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4D1FADB-1546-4546-A3E1-A90186D84186}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4D1FADB-1546-4546-A3E1-A90186D84186}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6BF181B-377F-4AF8-9495-DA2CE7ED6356}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6BF181B-377F-4AF8-9495-DA2CE7ED6356}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6F6564F-2578-4375-94D0-7F8DEA781C72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F6564F-2578-4375-94D0-7F8DEA781C72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5CAE373-B47A-4965-9ED1-4C7CD3C3018B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5CAE373-B47A-4965-9ED1-4C7CD3C3018B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC07826C-0D72-4402-91DD-281FEEF583FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC07826C-0D72-4402-91DD-281FEEF583FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - bettytboop1).job => moved successfully
"C:\Program Files\SlimCleaner Plus" => not found
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44246656 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 2777875 B
Edge => 46347 B
Chrome => 59463057 B
Firefox => 18677515 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 7680 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 44284 B
NetworkService => 7918 B
bettytboop1 => 109447964 B
Bob => 38002 B
 
RecycleBin => 0 B
EmptyTemp: => 232.7 MB temporary data Removed.
 
================================
 
 
 
 
# AdwCleaner 7.0.8.0 - Logfile created on Tue Mar 13 02:13:09 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\All Users\Documents\Downloaded Installers
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\Users\bettytboop1\AppData\Local\slimware utilities inc
Deleted: C:\Users\bettytboop1\AppData\Local\SlimWare Utilities Inc
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner
Deleted: C:\Users\bettytboop1\AppData\Roaming\PRO PC Cleaner
 
 
***** [ Files ] *****
 
Deleted: C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Savepass 2.0
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}
Deleted: [Key] - HKLM\SOFTWARE\SPPDCOM
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\rttasks
Deleted: [Key] - HKCU\Software\rttasks
Deleted: [Key] - HKLM\SOFTWARE\GlobalUpdate
Deleted: [Key] - HKLM\SOFTWARE\InstalledBrowserExtensions
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\InstalledBrowserExtensions
Deleted: [Key] - HKCU\Software\InstalledBrowserExtensions
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\OB
Deleted: [Key] - HKCU\Software\OB
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4270603C7CA6FEB45B61F4B6D10988D7
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4270603C7CA6FEB45B61F4B6D10988D7
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4270603C7CA6FEB45B61F4B6D10988D7
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted: [Value] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|StormWatchApp.exe
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\StormWatch
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted: [Key] - HKLM\SOFTWARE\PRO PC Cleaner
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: Search By MovixHub - 
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [4731 B] - [2018/3/13 2:9:2]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
Darn it all, I just saw View Auto Saved Content. Would have been easier than redoing it all.

  • 0
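An added example, not part of the original thread and not FRST's own code: a Python triage of a fixlog in the format posted above, which skips the echoed fixlist section and separates entries that failed or were already absent from the long run of successful removals. The sample text is a constructed excerpt made of lines copied from that log, and the status labels (ok, failed, absent, info) are this example's own.

```python
import re
from collections import Counter

# Constructed excerpt: lines copied from the fixlog in the post above.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
Task: {BAD62D12-2FAD-41E4-AB81-885BB6BA074F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\Program Files\SlimCleaner Plus
*****************
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAD62D12-2FAD-41E4-AB81-885BB6BA074F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"C:\Program Files\SlimCleaner Plus" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 232.7 MB temporary data Removed.
'''

# "<target> => <result>", where the target may or may not be quoted.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+)$')


def classify(result):
    """Map the text after '=>' to one of this example's status labels."""
    r = result.lower()
    if r.startswith("could not"):
        return "failed"      # the fix did not apply, e.g. Access Denied
    if r.endswith("not found"):
        return "absent"      # target was already gone before the fix ran
    if r.endswith("successfully"):
        return "ok"          # removed or moved
    return "info"            # sizes and summaries, e.g. the EmptyTemp lines


def parse_fixlog(text):
    """Return (target, status, result) for every result line in the log.

    The log first echoes the fixlist between two rows of asterisks. Those
    directive lines can also contain '=>' (copied from the scan log), so
    they are skipped to avoid counting them as fix results.
    """
    entries = []
    in_fixlist = False
    seen_opening_row = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("fixlist content:"):
            in_fixlist, seen_opening_row = True, False
            continue
        if in_fixlist:
            if line and set(line) == {"*"}:
                if seen_opening_row:
                    in_fixlist = False   # closing row ends the echo
                seen_opening_row = True
            continue
        match = RESULT_RE.match(line)
        if match:
            result = match.group("result")
            entries.append((match.group("target"), classify(result), result))
    return entries


def triage(text):
    """Count statuses and list the entries a helper should look at again."""
    entries = parse_fixlog(text)
    counts = Counter(status for _, status, _ in entries)
    follow_up = [e for e in entries if e[1] in ("failed", "absent")]
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for target, status, result in follow_up:
        print(f"{status.upper():7} {target}  ({result})")
```
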

#5
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Ok thanks for the logs.

Next steps:

1. Run Malwarebytes
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-consumer-{version number}.exe and follow the prompts to install the program. Note: This will be the trial version for 14 days and then reverts to the free version.
  • Click on Scan Now

    MBAM1_Scan.jpg
  • The scan will automatically commence.

    MBAMscan2.jpg
  • If any threats are detected, put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

    MBAMScanfinished.jpg

    Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


    2. Run ESET scan


    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

    Please visit ESET Online Scanner website.
    Click Scan Now.

    Download esetonlinescanner_enu.exe that you'll be given a link to.
    Double click esetonlinescanner_enu.exe.
    Accept the Terms of Use

    To perform the scan:

    Make sure that Enable detection of potentially unwanted applications is selected.
    In the Advanced Settings dropdown menu:
    Enable detection of potentially unsafe applications is checked.
    Enable detection of suspicious applications is checked.
    Enable Anti-Stealth technology is checked.
    Scan archives is checked.
    Make sure that Clean threats automatically is unchecked.
    Use custom proxy settings is unchecked.
    Click Scan
    The program will begin to download its virus database. The speed may vary depending on your Internet connection.
    When completed, the program will begin to scan. This may take several hours. Please, be patient.
    Do not do anything on your machine as it may interrupt the scan.
    When the scan is done results will be displayed. Click the Copy to clipboard.
    When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
    Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

    Please include this logfile in your next reply.
    Don't forget to re-enable previously switched-off protection software!


    Things for your next post:
  • MBAM log
  • ESET log.txt
  • Any change to the computer running?

  • 0

#6
Betty Boopster

  • Topic Starter
  • Member
  • 58 posts

 This is all I have for you,

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/13/18
Scan Time: 7:02 PM
Log File: 94847904-2712-11e8-be13-3863bb901163.json
Administrator: Yes
 
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4340
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: BETTYS-LAPTOP\bettytboop1
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349859
Threats Detected: 60
Threats Quarantined: 60
Time Elapsed: 15 min, 9 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util snipsmart, Quarantined, [30], [254028],1.0.4340
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 10
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\_metadata, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\config, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ECGNGHLLMFAPCIGCDHADAACKFJJHHIFL, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\_metadata, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\icons, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KNMAPLKNMLJOLHEMKDMFAHDFGDDFLGCD, Quarantined, [8435], [443230],1.0.4340
 
File: 49
PUP.Optional.ConsumerInput, C:\compete-header-long2.bmp, Quarantined, [171], [464144],1.0.4340
PUP.Optional.Yontoo, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [30], [-1],0.0.0
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [30], [-1],0.0.0
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ECGNGHLLMFAPCIGCDHADAACKFJJHHIFL\13.421.12.41590_0\MANIFEST.JSON, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\config\config.json, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\config\extension-config.json, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\config\extension-dev-config.json, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon128.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon16.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon19disabled.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon19on.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon48.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\ajax.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\background.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\chrome.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\content_script.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\dlp.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\dlpHelper.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\extension_detect.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\genericLoadRemoteSettings.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\index.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\initOfferCEF.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\logger.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\offerService.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\pageUtils.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\PartnerId.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\product.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\storage.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\TabManager.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\TemplateParser.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\ul.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\urlFragmentActions.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\urlUtils.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\util.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\webtooltabAPI.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\_metadata\verified_contents.json, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\dynamicNewTab.html, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\productnewtab.html, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\stubby.html, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KNMAPLKNMLJOLHEMKDMFAHDFGDDFLGCD\1.0.2_1\MANIFEST.JSON, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\icons\icon128.png, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\_metadata\verified_contents.json, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\background.js, Quarantined, [8435], [443230],1.0.4340
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
I can not locate a file for--ESET Log.exe.
 
The computer is running a little faster today. No Freezing or Not responding message, so far. 
 

#7
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi
 

The computer is running a little faster today. No Freezing or Not responding message, so far.


Good news. Thanks for the update.
 

I can not locate a file for--ESET Log.exe.


The path to the log file is the following: C:\users\%userprofile%\appdata\local\temp\log.txt. In your case the user profile will be bettytboop1.

Make sure you have Show Hidden Folders and Files enabled.

In Windows 10 > Windows Explorer > Click on View > Underneath this, on the right-hand side, look for Show/Hide. There will be a check box called Hidden Items. Make sure this is checked.

Navigate to the temp folder and look for the ESET log.txt.

Open this with notepad and copy/paste the contents to your next reply.

Thanks.
#8
Betty Boopster

    Member

  • Topic Starter
  • Member
  • 58 posts

Your file was not found
It may have been moved or deleted.
ERR_FILE_NOT_FOUND 

 
This is what I get trying to find the file. I DON'T know why this is all in upper case, caps lock is not on.
I did another scan and copied that page.  I will paste them here for you to see.

 ESET log.txt file
C:\AdwCleaner\Quarantine\frAQBc8Wsa\{2B19EF69-E2EF-4847-A741-41E7A2ABC2EE}\setup.msi a variant of Win32/UwS.SlimDrivers.A application

 

Nothing is working tonight. That dang scan took over 7 hours. I had your notes in front of me and followed them carefully.

 

I do not remember getting the report though, and the scan only lasted about 2 hrs last night.

 

 

I am at a loss here.

 

What is that little button top right corner over the B.  I pushed it and it took out my fonts set.   

This should be so easy, as it is a rerun from doing Bob's computer.

 

 

 

#9
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi

The ESET file was not found as the program was removed upon exit of the application. I just wanted to check in case it had not been removed.

I was going to suggest re running it so thanks for that. :thumbsup:

The scan can sometimes take quite long, although 7 hours does seem a bit excessive, although it has completed successfully.

How is the computer running? Are you still getting any freezes or it stops responding?

Also

We'll have a quick look at what's running on your computer to see if anything is taking up a lot of resources.


Get Process Explorer from here

Save it to your desktop then run it (right click and Run As Administrator).
  • Click on View > Select Column > tick Verified Signer >OK
  • Click Options >Verify Image Signatures


    Then Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

    Wait a full minute then:

    File, Save As, Save to desktop. Open the file .txt on your desktop and copy and paste the text to a reply.

  • 0
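The text file saved by the Process Explorer steps in post #9 can be triaged with a short script. This is an added example, not part of any forum post and not Sysinternals code. It assumes the saved file is tab-separated with the column order of the header row posted in the thread; the sample rows are constructed from rows posted here, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample modelled on rows posted in this thread. Assumption: the
# saved file is tab-separated, with the column order of the header row below.
SAMPLE_EXPORT = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "HPSupportSolutionsFrameworkService.exe\t\t34,304 K\t13,428 K\t10864\tHP Support Solutions Framework Service\tHP Inc.\t(Verified) HP Inc.",
    "cachesrvr.exe\t\t2,376 K\t3,208 K\t1700\tCachedrv server\tSoftex Inc.\t(No signature was present in the subject) Softex Inc.",
    "Microsoft.Photos.exe\tSuspended\t330,752 K\t18,624 K\t11888\t\t\t(No signature was present in the subject)",
    "mfefire.exe\t< 0.01\t1,916 K\t3,748 K\t3452\tMcAfee Core Firewall Service\tMcAfee, Inc.\t(Verified) McAfee",
    "coreServiceShell.exe\t15.02\t450,916 K\t203,116 K\t1868\tTrend Micro Anti-Malware Solution Platform\tTrend Micro Inc.\t(Verified) Trend Micro",
    "MBAMService.exe\t1.36\t235,432 K\t104,428 K\t3404\tMalwarebytes Service\tMalwarebytes\t(Verified) Malwarebytes Corporation",
    "System Idle Process\t56.42\t52 K\t8 K\t0\t\t\t",
    "Interrupts\t1.53\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    "reg.exe\t0.49\t972 K\t2,272 K\t6064\t\t\t",
    "reg.exe\t0.10\t692 K\t892 K\t13940\tRegistry Console Tool\tMicrosoft Corporation\t(Verified) Microsoft Windows",
])

# Rows that are kernel bookkeeping rather than an image on disk: they have no
# signer to verify, and the idle row would otherwise top the CPU ranking.
PSEUDO = {"System Idle Process", "System", "Interrupts", "Memory Compression"}


def _kb(value):
    """'34,304 K' -> 34304; blank or malformed -> 0."""
    digits = value.replace(",", "").replace("K", "").strip()
    return int(digits) if digits.isdigit() else 0


def _cpu(value):
    """Blank, 'Suspended' and '< 0.01' all rank as 0.0."""
    try:
        return float(value)
    except ValueError:
        return 0.0


def _signer_status(signer):
    """Classify the Verified Signer column without trusting the process name."""
    if signer.startswith("(Verified)"):
        return "verified"
    # Any other text is a failed check; an empty column means no result at all.
    return "failed" if signer else "blank"


def parse_export(text):
    """Turn the saved text into one dict per process row."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for raw in reader:
        # Short rows yield None values and long rows a None key; normalise both.
        f = {k.strip(): (v or "").strip() for k, v in raw.items() if k}
        if not f.get("Process"):
            continue
        signer = f.get("Verified Signer", "")
        rows.append({
            "name": f["Process"],
            "pid": f.get("PID", ""),
            "cpu": _cpu(f.get("CPU", "")),
            "private_kb": _kb(f.get("Private Bytes", "")),
            "signer": signer,
            "status": _signer_status(signer),
        })
    return rows


def triage(rows, top_n=3):
    """Rank real processes by CPU and memory, and list signer results to review."""
    real = [r for r in rows if r["name"] not in PSEUDO]
    statuses_by_name = {}
    for r in real:
        statuses_by_name.setdefault(r["name"], set()).add(r["status"])
    return {
        "top_cpu": sorted(real, key=lambda r: r["cpu"], reverse=True)[:top_n],
        "top_private": sorted(real, key=lambda r: r["private_kb"], reverse=True)[:top_n],
        # Anything not positively verified is worth a look, blank results included.
        "review": [r for r in real if r["status"] != "verified"],
        # Same image name with different signer results: a name is not identity.
        "mixed_names": sorted(n for n, s in statuses_by_name.items() if len(s) > 1),
    }


if __name__ == "__main__":
    report = triage(parse_export(SAMPLE_EXPORT))
    for r in report["top_cpu"]:
        print(f"CPU {r['cpu']:6.2f}  {r['name']} (PID {r['pid']})")
    for r in report["review"]:
        print(f"REVIEW {r['name']} (PID {r['pid']}): {r['status']} {r['signer']}")
    print("Mixed signer results:", report["mixed_names"])
```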

#10
Betty Boopster

    Member

  • Topic Starter
  • Member
  • 58 posts

 

 

How is the computer running? Are you still getting any freezes or it stops responding?

 

Well I did have it stop but that was a pop-up from the game and I could close that one with no problem.   The computer is still slow booting and switching to a different tab, or a different site.  I think there are just too many txt files and reports here and on Bob's.  I have saved all our posts for his topic and maybe I will do the same here.  I could just put them on a disc and save paper.   Well it's past my bedtime, so good night and sweet dreams.

 

That was a little scary, but I hope it's done right for you.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
AdaptiveSleepService.exe 1,620 K 2,396 K 5992 (Verified) Advanced Micro Devices
AERTSr64.exe 660 K 984 K 6036 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics
atiesrxx.exe 1,416 K 1,556 K 2028 AMD External Events Service Module AMD (Verified) Advanced Micro Devices
cachesrvr.exe 2,376 K 3,208 K 1700 Cachedrv server Softex Inc. (No signature was present in the subject) Softex Inc.
coreFrameworkHost.exe 5,936 K 1,580 K 3192 Trend Micro Anti-Malware Solution Platform Trend Micro Inc. (Verified) Trend Micro
csrss.exe 1,852 K 2,812 K 6352 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 1,876 K 1,884 K 800 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
dasHost.exe 7,364 K 10,900 K 2960 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,832 K 17,224 K 17168 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
escsvc64.exe 1,500 K 1,420 K 3712 Epson Scanner Service (64bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
HP3DDGService.exe 776 K 1,108 K 2336 HP3DDGService HP (Verified) HP Inc.
hpservice.exe 1,080 K 1,296 K 2328 HP Service HP (Verified) HP Inc.
HPSupportSolutionsFrameworkService.exe 34,304 K 13,428 K 10864 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
mDNSResponder.exe 1,736 K 2,604 K 2244 Bonjour Service Apple Inc. (Verified) Apple Inc.
mfefire.exe < 0.01 1,916 K 3,748 K 3452 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
mfevtps.exe 1,088 K 1,244 K 2604 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
Microsoft.Photos.exe Suspended 330,752 K 18,624 K 11888 (No signature was present in the subject)
OmniServ.exe 4,768 K 3,452 K 1692 HP SimplePass Service Softex Inc. (No signature was present in the subject) Softex Inc.
PtSessionAgent.exe 3,480 K 13,288 K 16336 Platinum user session agent Trend Micro Inc. (Verified) Trend Micro
PtSvcHost.exe 15,588 K 16,328 K 1884 Platinum Host Service Trend Micro Inc. (Verified) Trend Micro
PtWatchDog.exe 1,300 K 996 K 3640 Platinum Watch Dog Trend Micro Inc. (Verified) Trend Micro
PwmTower.exe 1.97 40,344 K 32,804 K 4588 (Verified) Trend Micro
PwmTower.exe 114,840 K 15,692 K 13548 (Verified) Trend Micro
RtkAudioService64.exe 2,156 K 3,444 K 2444 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RuntimeBroker.exe 6,608 K 2,580 K 11904 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,516 K 2,352 K 17144 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,272 K 12,880 K 14560 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 4,960 K 13,568 K 5044 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 10,724 K 4,572 K 6304 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 12,068 K 11,580 K 10908 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,968 K 4,296 K 6844 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 3,356 K 5,388 K 14788 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 52,288 K 12,016 K 8676 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,864 K 9,064 K 3744 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 4,772 K 5,016 K 984 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 25,764 K 9,804 K 6696 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 21,504 K 2,584 K 16344 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 488 K 524 K 536 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 11,636 K 14,996 K 2748 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,856 K 3,164 K 3200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,500 K 180 K 8932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,584 K 10,780 K 12180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,492 K 11,272 K 2276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,692 K 2,312 K 2504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,476 K 6,088 K 2584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,064 K 6,840 K 2684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,104 K 2,544 K 2420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,536 K 23,664 K 2564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,436 K 7,328 K 2200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 37,780 K 19,776 K 492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 6,084 K 9,784 K 3040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,076 K 7,860 K 2840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,772 K 21,736 K 1468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19,876 K 18,012 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,736 K 21,428 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,316 K 14,596 K 1532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.13 53,280 K 35,784 K 1304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnhService.exe 1,364 K 2,800 K 3156 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
SystemSettings.exe Suspended 19,740 K 6,108 K 16672 Settings Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 6,696 K 16,544 K 13508 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TmsaInstance64.exe 70,588 K 5,272 K 2516 TmsaInstance Trend Micro Inc. (Verified) Trend Micro
uiWatchDog.exe 1,380 K 1,072 K 2296 Trend Micro Client Session Agent Monitor Trend Micro Inc. (Verified) Trend Micro
wininit.exe 1,576 K 2,900 K 908 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 2,140 K 8,096 K 14820 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WinStore.App.exe Suspended 59,024 K 7,580 K 15612 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wmpnetwk.exe 9,696 K 9,028 K 4136 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
uiSeAgnt.exe 0.10 8,836 K 2,684 K 16376 Client Session Agent Trend Micro Inc. (Verified) Trend Micro
svchost.exe < 0.01 125,132 K 9,880 K 3224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,768 K 18,824 K 7856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
TouchpointAnalyticsClientService.exe < 0.01 48,896 K 18,872 K 8420 HP Touchpoint Analytics Client Service HP Inc. (Verified) HP Inc.
PwmSvc.exe < 0.01 20,588 K 16,592 K 3108 Trend Micro Password Manager Service Trend Micro Inc. (Verified) Trend Micro
svchost.exe 7,152 K 9,068 K 1140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
HPMSGSVC.exe < 0.01 3,716 K 9,480 K 9756 HP Message Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
HPWMISVC.exe < 0.01 3,428 K 7,488 K 16456 HP WMI Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
TabTip32.exe < 0.01 3,644 K 6,392 K 12980 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
APSDaemon.exe < 0.01 9,096 K 16,576 K 2148 Apple Push Apple Inc. (Verified) Apple Inc.
SnippingTool.exe < 0.01 17,304 K 32,876 K 10032 Snipping Tool Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe < 0.01 4,208 K 1,844 K 772 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 7,848 K 11,036 K 9736 Google Chrome Google Inc. (Verified) Google Inc
fontdrvhost.exe 0.01 6,300 K 10,576 K 14604 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 8,120 K 11,456 K 17172 Google Chrome Google Inc. (Verified) Google Inc
unsecapp.exe < 0.01 3,520 K 2,540 K 5688 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe < 0.01 3,268 K 6,568 K 6712 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SettingSyncHost.exe 0.01 19,368 K 1,868 K 9040 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
hpqwmiex.exe < 0.01 4,448 K 4,508 K 11168 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
sihost.exe < 0.01 9,252 K 17,260 K 1956 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ApplePhotoStreams.exe < 0.01 7,200 K 17,284 K 12420 iCloud Photo Stream Apple Inc. (Verified) Apple Inc.
RAVBg64.exe < 0.01 8,136 K 13,420 K 3652 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
CoolSense.exe < 0.01 4,560 K 1,928 K 15148 HP CoolSense Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
RadeonSettings.exe 0.01 198,728 K 2,404 K 14076 Radeon Settings: Host Application Advanced Micro Devices, Inc. (Verified) Advanced Micro Devices
AccelerometerSt.exe < 0.01 4,140 K 3,544 K 12712 Hp Accelerometer System Tray HP (Verified) HP Inc.
WmiPrvSE.exe < 0.01 12,044 K 12,248 K 5288 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler.exe < 0.01 3,892 K 664 K 7280 Google Crash Handler Google Inc. (Verified) Google Inc
RtkNGUI64.exe < 0.01 6,644 K 14,372 K 1100 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
ctfmon.exe 0.02 5,272 K 15,660 K 7204 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
MSASCuiL.exe < 0.01 4,096 K 11,232 K 10520 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe < 0.01 7,876 K 13,208 K 13544 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
ApplicationFrameHost.exe < 0.01 19,980 K 17,016 K 17192 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
opvapp.exe < 0.01 3,972 K 9,128 K 16284 (No signature was present in the subject)
splwow64.exe < 0.01 5,800 K 7,668 K 4660 Print driver host for applications Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 107,244 K 75,820 K 4368 Google Chrome Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe < 0.01 3,800 K 1,024 K 8124 Google Crash Handler Google Inc. (Verified) Google Inc
SynTPEnh.exe 0.01 8,976 K 17,300 K 12332 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
procexp.exe 0.01 5,456 K 12,968 K 9748 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
OneDrive.exe 0.01 12,500 K 14,544 K 2892 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 0.01 5,488 K 11,432 K 14592 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
YouCamService.exe 0.01 7,080 K 1,588 K 13420 CyberLink YouCam Service CyberLink Corp. (Verified) CyberLink Corp.
mbamtray.exe 0.01 19,988 K 19,364 K 3628 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
conhost.exe 0.02 1,856 K 1,440 K 2912 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.02 9,480 K 9,832 K 8 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 0.01 68,084 K 34,868 K 3208 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe < 0.01 3,424 K 3,408 K 6056 MobileDeviceService Apple Inc. (Verified) Apple Inc.
conhost.exe 0.01 1,508 K 1,588 K 3272 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
TabTip.exe 0.53 6,084 K 17,708 K 14456 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.03 13,512 K 14,492 K 17336 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.03 148,336 K 82,052 K 16796 Google Chrome Google Inc. (Verified) Google Inc
iCloudServices.exe 0.02 48,644 K 11,616 K 716 iCloud Services Apple Inc. (Verified) Apple Inc.
chrome.exe 0.03 37,980 K 46,016 K 17884 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.11 84,828 K 102,832 K 17052 Google Chrome Google Inc. (Verified) Google Inc
Memory Compression < 0.01 2,212 K 200,036 K 2072
explorer.exe 0.19 50,392 K 64,916 K 4524 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.10 137,700 K 155,620 K 17132 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.09 110,516 K 127,764 K 14124 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.25 25,836 K 34,992 K 1612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
PwmTower.exe 0.41 24,756 K 16,176 K 5452 (Verified) Trend Micro
csrss.exe 3.33 5,544 K 5,036 K 12224 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
System 1.22 180 K 6,640 K 4
MBAMService.exe 1.36 235,432 K 104,428 K 3404 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
dwm.exe 2.03 48,312 K 24,792 K 11252 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 1.53 0 K 0 K n/a Hardware Interrupts and DPCs
WmiPrvSE.exe 1.96 16,848 K 20,204 K 5296 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 2.33 23,916 K 43,080 K 17648 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
procexp64.exe 9.00 48,516 K 70,392 K 15708 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
coreServiceShell.exe 15.02 450,916 K 203,116 K 1868 Trend Micro Anti-Malware Solution Platform Trend Micro Inc. (Verified) Trend Micro
System Idle Process 56.42 52 K 8 K 0
reg.exe 0.49 972 K 2,272 K 6064
reg.exe 0.10 692 K 892 K 13940 Registry Console Tool Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 0.89 924 K 4,036 K 18148
 

#11
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi

Couple of things from the process explorer.
 

HPSupportSolutionsFrameworkService.exe 34,304 K 13,428 K 10864 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.


This program is taking up a fair bit of CPU. It's not a mandatory program and your computer will operate without it. We will turn this service to manual start to see what effect this has.

FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    You also have some McAfee processes running but I don't see it listed in the installed programs in your logs - do you know if you have this installed or did have this installed or is a paid subscription?

    You are already well protected by the Trend Micro product AV so I would say you don't need it and indeed it can cause conflicts and speed issues.

    If you're OK I would recommend removal of the McAfee processes.

#12
Betty Boopster

    Member

  • Topic Starter
  • Member
  • 58 posts
Hello,   
Hope you had a good day.
 
The computer seems very slow between commands.  
I give permission for McAfee to be removed.  I believe it was missed when trying to download the out of date Flashplayer.
 
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-03-2018 22:18:58)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
 
==== End of Fixlog 22:18:59 ====

#13
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi BettyBoopster

I'm not sure if the last fix worked.

Please go to your desktop and delete all the existing text files for FRST - any FRST.txt, Addition.txt and fixlog.txt and also a folder called FRST older version if it exists. Don't delete the FRST64.exe.

Once that is done follow the instructions from post #11 again.

Thanks
#14
Betty Boopster

    Member

  • Topic Starter
  • Member
  • 58 posts

Well bad news, I can not find FRST64.exe file.  I deleted all you told me to and the FRST file was there, I opened your last reply to copy it to have in front of me and I minimized and went back to my desktop, and Frst64 was gone.   I have checked everywhere; I could not find it.   Now What.

I entered  all the C:\users\Admin\,bettytboop1, or what I could think of but all I got was the "Windows could not find yadda yadda, moved or deleted" message.  [bleep] I know I am so annoying.  I even checked the recycle bin and it was not in there either.

         


Edited by Betty Boopster, 17 March 2018 - 11:07 AM.

#15
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi

Don't worry we can download FRST again. :)


Please download Farbar Recovery Scan Tool and save it to your Desktop. Download the 64 bit version.

Then follow the instructions from post #11.