Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Programs are not responding/ or they freeze.

not reponding can not open can not find items saved

  • Please log in to reply

#1
Betty Boopster

Betty Boopster

    Member

  • Member
  • PipPip
  • 29 posts

Hello,

 

I was working with a representive regarding Malware on my husband's laptop.   It was suggested that I bring my problem here as well.  My laptop will start loading a site in a tab, but it doesn't always open.  I will get a message that so--&--so is not responding.  Do you want to end or wait for the program to respond.  The only thing besides closing the tab, is to do a "clear browser data".  I usually do this brower clear almost everyday.  The laptop will start to go slower or irratically.  

I believe that these attachments will be what you need.  The 1st 2 are just showing you what I am dealing with.   

Thank you.

I will copy and paste further list or logs you may request.

 

Attached Thumbnails

  • Not Responding.JPG
  • Not Responding with dialog box.JPG

Attached Files


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,703 posts
Hello Betty Boopster and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'll have a look over the logs and post further instructions. :)

  • 0

#3
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,703 posts
Hi BettyBoopster

Please run the following FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   3.67KB   33 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.jpg
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    Important: Please disable your Anti Virus

    Then Run AdwCleaner


    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner1.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on Tools then options
    adwcleaner2.jpg
    tick to reset -
    IE policies
    Chrome policies
    Chrome preferences
  • Click OK.
  • Please click Clean button.
  • when cleaning is finished, you may be prompted to restart your computer. Do so.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.

    Things for your next post:
  • fixlog.txt
  • AdwCleaner[C*].txt
  • How is the computer running now?

  • 0

#4
Betty Boopster

Betty Boopster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
This computer is going nuts tonight, since I started to do the files.    I wish I could have gotten screen shots, but it just kept going to one screen and another so on, and so on.  When it finally stopped misbehaving my files that I pasted disappeared.  If I missed a file let me know,  I did save them, even the Addition.txt and FRST.txt.  They did disappear but they finally came back after I reposted them here.   The last couple of days though, booting has gotten really slow.  After the date and time come up it takes a minute for the welcome page comes up so I can sign into windows.  After Adware Log came up, the reboot took a good 5 minutes.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018
Ran by bettytboop1 (12-03-2018 21:30:01) Run:1
Running from C:\Users\bettytboop1\Desktop
Loaded Profiles: bettytboop1 (Available Profiles: bettytboop1 & Bob)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll No File
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension => not found
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - <no Path/update_url>
Task: {0332A998-98EE-4120-B3A2-763ECA6C0CD2} - \RocketTab -> No File <==== ATTENTION
Task: {0B9657B8-9F56-4170-AE9E-E5CD63AEBA0F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {12AB644D-5F3D-4AD0-A337-34D3ECE62E39} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {60A8939A-142C-4FAD-ACF4-540068231247} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6154942D-FE9B-4CA7-B6D3-D65C8F5AECD8} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {89763051-7A80-4863-AF21-0368B2E58DC8} - \WPD\SqmUpload_S-1-5-21-2603603667-3828293561-2438258599-1002 -> No File <==== ATTENTION
Task: {8BB497D2-481E-4931-A373-C9AE57C945DE} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {8DF59AD2-EF27-40C3-BA0D-E5AAE059DCB6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9072FF12-B19F-43CC-9B62-0808E769E628} - \WPD\SqmUpload_S-1-5-21-2603603667-3828293561-2438258599-1005 -> No File <==== ATTENTION
Task: {AD38E2CB-41AB-4D94-9F95-AE3EAB40A616} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B577C219-A92F-42ED-8391-6DBFDED71D0E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BAAF685C-C4B3-4F52-AB36-48466E3DC3A7} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - bettytboop1) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {BAD62D12-2FAD-41E4-AB81-885BB6BA074F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C4D1FADB-1546-4546-A3E1-A90186D84186} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C6BF181B-377F-4AF8-9495-DA2CE7ED6356} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C6F6564F-2578-4375-94D0-7F8DEA781C72} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E5CAE373-B47A-4965-9ED1-4C7CD3C3018B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FC07826C-0D72-4402-91DD-281FEEF583FC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - bettytboop1).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
C:\Program Files\SlimCleaner Plus
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts: 
EmptyTemp:
 
*****************
 
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\Software\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\tmbp" => removed successfully
"HKLM\Software\Classes\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}" => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{c2056674-a37f-4b29-9300-2004759d74fe}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{c2056674-a37f-4b29-9300-2004759d74fe}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0332A998-98EE-4120-B3A2-763ECA6C0CD2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0332A998-98EE-4120-B3A2-763ECA6C0CD2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B9657B8-9F56-4170-AE9E-E5CD63AEBA0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B9657B8-9F56-4170-AE9E-E5CD63AEBA0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12AB644D-5F3D-4AD0-A337-34D3ECE62E39}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12AB644D-5F3D-4AD0-A337-34D3ECE62E39}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A8939A-142C-4FAD-ACF4-540068231247}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A8939A-142C-4FAD-ACF4-540068231247}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6154942D-FE9B-4CA7-B6D3-D65C8F5AECD8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6154942D-FE9B-4CA7-B6D3-D65C8F5AECD8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89763051-7A80-4863-AF21-0368B2E58DC8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89763051-7A80-4863-AF21-0368B2E58DC8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2603603667-3828293561-2438258599-1002" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8BB497D2-481E-4931-A373-C9AE57C945DE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BB497D2-481E-4931-A373-C9AE57C945DE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DF59AD2-EF27-40C3-BA0D-E5AAE059DCB6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DF59AD2-EF27-40C3-BA0D-E5AAE059DCB6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9072FF12-B19F-43CC-9B62-0808E769E628}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9072FF12-B19F-43CC-9B62-0808E769E628}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2603603667-3828293561-2438258599-1005" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD38E2CB-41AB-4D94-9F95-AE3EAB40A616}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD38E2CB-41AB-4D94-9F95-AE3EAB40A616}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B577C219-A92F-42ED-8391-6DBFDED71D0E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B577C219-A92F-42ED-8391-6DBFDED71D0E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAAF685C-C4B3-4F52-AB36-48466E3DC3A7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAAF685C-C4B3-4F52-AB36-48466E3DC3A7}" => removed successfully
C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - bettytboop1) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - bettytboop1)" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAD62D12-2FAD-41E4-AB81-885BB6BA074F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAD62D12-2FAD-41E4-AB81-885BB6BA074F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4D1FADB-1546-4546-A3E1-A90186D84186}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4D1FADB-1546-4546-A3E1-A90186D84186}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6BF181B-377F-4AF8-9495-DA2CE7ED6356}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6BF181B-377F-4AF8-9495-DA2CE7ED6356}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6F6564F-2578-4375-94D0-7F8DEA781C72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F6564F-2578-4375-94D0-7F8DEA781C72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5CAE373-B47A-4965-9ED1-4C7CD3C3018B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5CAE373-B47A-4965-9ED1-4C7CD3C3018B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC07826C-0D72-4402-91DD-281FEEF583FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC07826C-0D72-4402-91DD-281FEEF583FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - bettytboop1).job => moved successfully
"C:\Program Files\SlimCleaner Plus" => not found
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44246656 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 2777875 B
Edge => 46347 B
Chrome => 59463057 B
Firefox => 18677515 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 7680 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 44284 B
NetworkService => 7918 B
bettytboop1 => 109447964 B
Bob => 38002 B
 
RecycleBin => 0 B
EmptyTemp: => 232.7 MB temporary data Removed.
 
================================
 
 
 
 
# AdwCleaner 7.0.8.0 - Logfile created on Tue Mar 13 02:13:09 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\All Users\Documents\Downloaded Installers
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\Users\bettytboop1\AppData\Local\slimware utilities inc
Deleted: C:\Users\bettytboop1\AppData\Local\SlimWare Utilities Inc
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner
Deleted: C:\Users\bettytboop1\AppData\Roaming\PRO PC Cleaner
 
 
***** [ Files ] *****
 
Deleted: C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Savepass 2.0
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}
Deleted: [Key] - HKLM\SOFTWARE\SPPDCOM
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\rttasks
Deleted: [Key] - HKCU\Software\rttasks
Deleted: [Key] - HKLM\SOFTWARE\GlobalUpdate
Deleted: [Key] - HKLM\SOFTWARE\InstalledBrowserExtensions
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\InstalledBrowserExtensions
Deleted: [Key] - HKCU\Software\InstalledBrowserExtensions
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\OB
Deleted: [Key] - HKCU\Software\OB
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4270603C7CA6FEB45B61F4B6D10988D7
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4270603C7CA6FEB45B61F4B6D10988D7
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4270603C7CA6FEB45B61F4B6D10988D7
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted: [Value] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|StormWatchApp.exe
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\StormWatch
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted: [Key] - HKLM\SOFTWARE\PRO PC Cleaner
Deleted: [Key] - HKU\S-1-5-21-2603603667-3828293561-2438258599-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: Search By MovixHub - 
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [4731 B] - [2018/3/13 2:9:2]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
Darn it all  I just saw View Auto Saved Content.   Would have been easier then redoing it all.   

  • 0

#5
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,703 posts
Ok thanks for the logs.

Next steps:

1. Run Malwarebytes
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-consumer-{version number}.exe and follow the prompts to install the program. Note: This will be the trial version for 14 days and then reverts to the free version.
  • Click on Scan Now

    MBAM1_Scan.jpg
  • The scan will automatically commence.

    MBAMscan2.jpg
  • If any threats are detected, Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

    MBAMScanfinished.jpg

    Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


    2. Run ESET scan


    Temporary disable your AntiVirus and AntiSpyware protection - instructions here .

    Please visit ESET Online Scanner website.
    Click Scan Now.

    Download esetonlinescanner_enu.exe that you'll be given link to.
    Double click esetonlinescanner_enu.exe.
    Accept the Terms of Use

    To perform the scan:

    Make sure that Enable detection of potentially unwanted applications is selected.
    In the Advanced Settings dropdown menu:
    Enable detection of potentially unsafe applications are checked.
    Enable detection of suspicious applications are checked.
    Enable Anti-Stealth technology are checked.
    Scan archives is checked.
    Make sure that Clean threats automatically is unchecked.
    Use custom proxy settings is unchecked.
    Click Scan
    The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
    When completed, the program will begin to scan. This may take several hours. Please, be patient.
    Do not do anything on your machine as it may interrupt the scan.
    When the scan is done results will be displayed. Click the Copy to clipboard.
    When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
    Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

    Please include this logfile in your next reply.
    Don't forget to re-enable previously switched-off protection software!


    Things for your next post:
  • MBAM log
  • ESET log.txt
  • Any change to the computer running?

  • 0

#6
Betty Boopster

Betty Boopster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

 This is all I have for you,

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/13/18
Scan Time: 7:02 PM
Log File: 94847904-2712-11e8-be13-3863bb901163.json
Administrator: Yes
 
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4340
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: BETTYS-LAPTOP\bettytboop1
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349859
Threats Detected: 60
Threats Quarantined: 60
Time Elapsed: 15 min, 9 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util snipsmart, Quarantined, [30], [254028],1.0.4340
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 10
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\_metadata, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\config, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ECGNGHLLMFAPCIGCDHADAACKFJJHHIFL, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\_metadata, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\icons, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KNMAPLKNMLJOLHEMKDMFAHDFGDDFLGCD, Quarantined, [8435], [443230],1.0.4340
 
File: 49
PUP.Optional.ConsumerInput, C:\compete-header-long2.bmp, Quarantined, [171], [464144],1.0.4340
PUP.Optional.Yontoo, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [30], [-1],0.0.0
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [30], [-1],0.0.0
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ECGNGHLLMFAPCIGCDHADAACKFJJHHIFL\13.421.12.41590_0\MANIFEST.JSON, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\config\config.json, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\config\extension-config.json, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\config\extension-dev-config.json, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon128.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon16.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon19disabled.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon19on.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\icons\icon48.png, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\ajax.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\background.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\chrome.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\content_script.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\dlp.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\dlpHelper.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\extension_detect.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\genericLoadRemoteSettings.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\index.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\initOfferCEF.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\logger.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\offerService.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\pageUtils.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\PartnerId.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\product.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\storage.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\TabManager.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\TemplateParser.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\ul.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\urlFragmentActions.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\urlUtils.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\util.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\js\webtooltabAPI.js, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\_metadata\verified_contents.json, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\dynamicNewTab.html, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\productnewtab.html, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.MindSpark.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecgnghllmfapcigcdhadaackfjjhhifl\13.421.12.41590_0\stubby.html, Quarantined, [1404], [467555],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\USERS\BETTYTBOOP1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KNMAPLKNMLJOLHEMKDMFAHDFGDDFLGCD\1.0.2_1\MANIFEST.JSON, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\icons\icon128.png, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\_metadata\verified_contents.json, Quarantined, [8435], [443230],1.0.4340
PUP.Optional.SearchAlgo.Generic, C:\Users\bettytboop1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmaplknmljolhemkdmfahdfgddflgcd\1.0.2_1\background.js, Quarantined, [8435], [443230],1.0.4340
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
I can not locate a file for--ESET Log.exe.
 
The computer is running a little faster today. No Freezing or Not responding message, so far. 
 

  • 0

#7
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,703 posts
Hi
 

The computer is running a little faster today. No Freezing or Not responding message, so far.


Good news. Thanks for the update.
 

I can not locate a file for--ESET Log.exe.


The path to the log file is the following: C:\users\%userprofile%\appdata\local\temp\log.txt In your case the user profile will be bettytboop1

Make sure you have Show Hidden Folders and Files enabled.

In Windows 10 > Windows explorer > Click on View > Underneath this to the right hand side look for Show/Hide. There will be a check box called Hidden Items . Make sure this is checked.

Navigate to the temp folder and look for the ESET log.txt.

Open this with notepad and copy/paste the contents to your next reply.

Thanks.
  • 0

#8
Betty Boopster

Betty Boopster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Your file was not found
It may have been moved or deleted.
ERR_FILE_NOT_FOUND 

 
This is what I get trying to find the file. i DON'T know why this is all in upper case, caps lock is not on.
I did another scan and copied that page.  I will paste them here for you to see.

 ESET log.txt file
C:\AdwCleaner\Quarantine\frAQBc8Wsa\{2B19EF69-E2EF-4847-A741-41E7A2ABC2EE}\setup.msi a variant of Win32/UwS.SlimDrivers.A application

 

Nothing is working tonight. That dang scan took over 7 hours, i had your notes in front of me and follow them carefully.   

 

I do not remember getting the report though and the scan only lasted about 2hrs last night,

 

 

I am at a loss here.

 

What is that little button top right corner over the B.  I pushed it and it took out my fonts set.   

This should be so easy, as it is a rerun from doing Bobs computer. 

 

 

 

Attached Thumbnails

  • ESET log 1.JPG

Attached Files


  • 0

#9
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,703 posts
Hi

The ESET file was not found as the program was removed upon exit of the application. I just wanted to check it case it had not been removed.

I was going to suggest re running it so thanks for that. :thumbsup:

The scan can sometimes take quite long although 7 hours does seem a bit excessive.. although it has completed successfully.

How is the computer running? Are you still getting any freezes or it stops responding?

Also

We'll have a quick look at what's running on your computer to see if anything is taking large resource ..


Get Process Explorer from here

Save it to your desktop then run it (right click and Run As Administrator).
  • Click on View > Select Column > tick Verified Signer >OK
  • Click Options >Verify Image Signatures


    Then Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

    Wait a full minute then:

    File, Save As, Save to desktop. Open the file .txt on your desktop and copy and paste the text to a reply.

  • 0

#10
Betty Boopster

Betty Boopster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

 

 

How is the computer running? Are you still getting any freezes or it stops responding?

 

Well I did have it stop but that was a pop--up from the game and I could close that one with no problem.   The computer is still slow booting and switching to a different tap, or a different site.  I think there is just too many txt files and reports here and on Bob's  I have saved all our posts for his topic and maybe I will do the same here.  I could just put them on a disc and save paper.   Well its past my bedtime, so good night and sweet dreams. 

 

That was a little scary, but I hope its done right for you.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
AdaptiveSleepService.exe 1,620 K 2,396 K 5992 (Verified) Advanced Micro Devices
AERTSr64.exe 660 K 984 K 6036 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics
atiesrxx.exe 1,416 K 1,556 K 2028 AMD External Events Service Module AMD (Verified) Advanced Micro Devices
cachesrvr.exe 2,376 K 3,208 K 1700 Cachedrv server Softex Inc. (No signature was present in the subject) Softex Inc.
coreFrameworkHost.exe 5,936 K 1,580 K 3192 Trend Micro Anti-Malware Solution Platform Trend Micro Inc. (Verified) Trend Micro
csrss.exe 1,852 K 2,812 K 6352 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 1,876 K 1,884 K 800 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
dasHost.exe 7,364 K 10,900 K 2960 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,832 K 17,224 K 17168 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
escsvc64.exe 1,500 K 1,420 K 3712 Epson Scanner Service (64bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
HP3DDGService.exe 776 K 1,108 K 2336 HP3DDGService HP (Verified) HP Inc.
hpservice.exe 1,080 K 1,296 K 2328 HP Service HP (Verified) HP Inc.
HPSupportSolutionsFrameworkService.exe 34,304 K 13,428 K 10864 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
mDNSResponder.exe 1,736 K 2,604 K 2244 Bonjour Service Apple Inc. (Verified) Apple Inc.
mfefire.exe < 0.01 1,916 K 3,748 K 3452 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
mfevtps.exe 1,088 K 1,244 K 2604 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
Microsoft.Photos.exe Suspended 330,752 K 18,624 K 11888 (No signature was present in the subject)
OmniServ.exe 4,768 K 3,452 K 1692 HP SimplePass Service Softex Inc. (No signature was present in the subject) Softex Inc.
PtSessionAgent.exe 3,480 K 13,288 K 16336 Platinum user session agent Trend Micro Inc. (Verified) Trend Micro
PtSvcHost.exe 15,588 K 16,328 K 1884 Platinum Host Service Trend Micro Inc. (Verified) Trend Micro
PtWatchDog.exe 1,300 K 996 K 3640 Platinum Watch Dog Trend Micro Inc. (Verified) Trend Micro
PwmTower.exe 1.97 40,344 K 32,804 K 4588 (Verified) Trend Micro
PwmTower.exe 114,840 K 15,692 K 13548 (Verified) Trend Micro
RtkAudioService64.exe 2,156 K 3,444 K 2444 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RuntimeBroker.exe 6,608 K 2,580 K 11904 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,516 K 2,352 K 17144 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,272 K 12,880 K 14560 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 4,960 K 13,568 K 5044 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 10,724 K 4,572 K 6304 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 12,068 K 11,580 K 10908 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,968 K 4,296 K 6844 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 3,356 K 5,388 K 14788 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 52,288 K 12,016 K 8676 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,864 K 9,064 K 3744 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 4,772 K 5,016 K 984 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 25,764 K 9,804 K 6696 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 21,504 K 2,584 K 16344 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 488 K 524 K 536 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 11,636 K 14,996 K 2748 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,856 K 3,164 K 3200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,500 K 180 K 8932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,584 K 10,780 K 12180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,492 K 11,272 K 2276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,692 K 2,312 K 2504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,476 K 6,088 K 2584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,064 K 6,840 K 2684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,104 K 2,544 K 2420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,536 K 23,664 K 2564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,436 K 7,328 K 2200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 37,780 K 19,776 K 492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 6,084 K 9,784 K 3040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,076 K 7,860 K 2840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,772 K 21,736 K 1468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19,876 K 18,012 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,736 K 21,428 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,316 K 14,596 K 1532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.13 53,280 K 35,784 K 1304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnhService.exe 1,364 K 2,800 K 3156 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
SystemSettings.exe Suspended 19,740 K 6,108 K 16672 Settings Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 6,696 K 16,544 K 13508 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TmsaInstance64.exe 70,588 K 5,272 K 2516 TmsaInstance Trend Micro Inc. (Verified) Trend Micro
uiWatchDog.exe 1,380 K 1,072 K 2296 Trend Micro Client Session Agent Monitor Trend Micro Inc. (Verified) Trend Micro
wininit.exe 1,576 K 2,900 K 908 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 2,140 K 8,096 K 14820 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WinStore.App.exe Suspended 59,024 K 7,580 K 15612 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wmpnetwk.exe 9,696 K 9,028 K 4136 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
uiSeAgnt.exe 0.10 8,836 K 2,684 K 16376 Client Session Agent Trend Micro Inc. (Verified) Trend Micro
svchost.exe < 0.01 125,132 K 9,880 K 3224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,768 K 18,824 K 7856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
TouchpointAnalyticsClientService.exe < 0.01 48,896 K 18,872 K 8420 HP Touchpoint Analytics Client Service HP Inc. (Verified) HP Inc.
PwmSvc.exe < 0.01 20,588 K 16,592 K 3108 Trend Micro Password Manager Service Trend Micro Inc. (Verified) Trend Micro
svchost.exe 7,152 K 9,068 K 1140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
HPMSGSVC.exe < 0.01 3,716 K 9,480 K 9756 HP Message Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
HPWMISVC.exe < 0.01 3,428 K 7,488 K 16456 HP WMI Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
TabTip32.exe < 0.01 3,644 K 6,392 K 12980 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
APSDaemon.exe < 0.01 9,096 K 16,576 K 2148 Apple Push Apple Inc. (Verified) Apple Inc.
SnippingTool.exe < 0.01 17,304 K 32,876 K 10032 Snipping Tool Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe < 0.01 4,208 K 1,844 K 772 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 7,848 K 11,036 K 9736 Google Chrome Google Inc. (Verified) Google Inc
fontdrvhost.exe 0.01 6,300 K 10,576 K 14604 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 8,120 K 11,456 K 17172 Google Chrome Google Inc. (Verified) Google Inc
unsecapp.exe < 0.01 3,520 K 2,540 K 5688 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe < 0.01 3,268 K 6,568 K 6712 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SettingSyncHost.exe 0.01 19,368 K 1,868 K 9040 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
hpqwmiex.exe < 0.01 4,448 K 4,508 K 11168 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
sihost.exe < 0.01 9,252 K 17,260 K 1956 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ApplePhotoStreams.exe < 0.01 7,200 K 17,284 K 12420 iCloud Photo Stream Apple Inc. (Verified) Apple Inc.
RAVBg64.exe < 0.01 8,136 K 13,420 K 3652 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
CoolSense.exe < 0.01 4,560 K 1,928 K 15148 HP CoolSense Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
RadeonSettings.exe 0.01 198,728 K 2,404 K 14076 Radeon Settings: Host Application Advanced Micro Devices, Inc. (Verified) Advanced Micro Devices
AccelerometerSt.exe < 0.01 4,140 K 3,544 K 12712 Hp Accelerometer System Tray HP (Verified) HP Inc.
WmiPrvSE.exe < 0.01 12,044 K 12,248 K 5288 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler.exe < 0.01 3,892 K 664 K 7280 Google Crash Handler Google Inc. (Verified) Google Inc
RtkNGUI64.exe < 0.01 6,644 K 14,372 K 1100 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
ctfmon.exe 0.02 5,272 K 15,660 K 7204 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
MSASCuiL.exe < 0.01 4,096 K 11,232 K 10520 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe < 0.01 7,876 K 13,208 K 13544 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
ApplicationFrameHost.exe < 0.01 19,980 K 17,016 K 17192 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
opvapp.exe < 0.01 3,972 K 9,128 K 16284 (No signature was present in the subject)
splwow64.exe < 0.01 5,800 K 7,668 K 4660 Print driver host for applications Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 107,244 K 75,820 K 4368 Google Chrome Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe < 0.01 3,800 K 1,024 K 8124 Google Crash Handler Google Inc. (Verified) Google Inc
SynTPEnh.exe 0.01 8,976 K 17,300 K 12332 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
procexp.exe 0.01 5,456 K 12,968 K 9748 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
OneDrive.exe 0.01 12,500 K 14,544 K 2892 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 0.01 5,488 K 11,432 K 14592 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
YouCamService.exe 0.01 7,080 K 1,588 K 13420 CyberLink YouCam Service CyberLink Corp. (Verified) CyberLink Corp.
mbamtray.exe 0.01 19,988 K 19,364 K 3628 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
conhost.exe 0.02 1,856 K 1,440 K 2912 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.02 9,480 K 9,832 K 8 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 0.01 68,084 K 34,868 K 3208 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe < 0.01 3,424 K 3,408 K 6056 MobileDeviceService Apple Inc. (Verified) Apple Inc.
conhost.exe 0.01 1,508 K 1,588 K 3272 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
TabTip.exe 0.53 6,084 K 17,708 K 14456 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.03 13,512 K 14,492 K 17336 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.03 148,336 K 82,052 K 16796 Google Chrome Google Inc. (Verified) Google Inc
iCloudServices.exe 0.02 48,644 K 11,616 K 716 iCloud Services Apple Inc. (Verified) Apple Inc.
chrome.exe 0.03 37,980 K 46,016 K 17884 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.11 84,828 K 102,832 K 17052 Google Chrome Google Inc. (Verified) Google Inc
Memory Compression < 0.01 2,212 K 200,036 K 2072
explorer.exe 0.19 50,392 K 64,916 K 4524 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.10 137,700 K 155,620 K 17132 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.09 110,516 K 127,764 K 14124 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.25 25,836 K 34,992 K 1612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
PwmTower.exe 0.41 24,756 K 16,176 K 5452 (Verified) Trend Micro
csrss.exe 3.33 5,544 K 5,036 K 12224 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
System 1.22 180 K 6,640 K 4
MBAMService.exe 1.36 235,432 K 104,428 K 3404 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
dwm.exe 2.03 48,312 K 24,792 K 11252 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 1.53 0 K 0 K n/a Hardware Interrupts and DPCs
WmiPrvSE.exe 1.96 16,848 K 20,204 K 5296 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 2.33 23,916 K 43,080 K 17648 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
procexp64.exe 9.00 48,516 K 70,392 K 15708 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
coreServiceShell.exe 15.02 450,916 K 203,116 K 1868 Trend Micro Anti-Malware Solution Platform Trend Micro Inc. (Verified) Trend Micro
System Idle Process 56.42 52 K 8 K 0
reg.exe 0.49 972 K 2,272 K 6064
reg.exe 0.10 692 K 892 K 13940 Registry Console Tool Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 0.89 924 K 4,036 K 18148
 

  • 0

Advertisements


#11
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,703 posts
Hi

Couple of things from the process explorer.
 

HPSupportSolutionsFrameworkService.exe 34,304 K 13,428 K 10864 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.


This program is taking up a fair bit of CPU. It's not a mandatory program and your computer will operate without it. We will turn this service to manual start to see what effect this has.

FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   149bytes   27 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.jpg
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    You also have some McAfee processes running but i don't see it listed in the installed programs in your logs - do you know if you have this installed or did have this installed or is a paid subscription?

    You are already well protected by the Trend Micro product AV so I would say you don't need it and indeed can cause conflicts and speed issues.

    If your ok I would recommend removal of the McAfee processes.

  • 0

#12
Betty Boopster

Betty Boopster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello,   
Hope you had a good day.
 
The computer seems very slow between commands.  
I give permission for McAfee to be removed.  I believe it was missed when trying to download the out of date Flashplayer.
 
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-03-2018 22:18:58)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
 
==== End of Fixlog 22:18:59 ====

  • 0

#13
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,703 posts
Hi BettyBoopster

I'm not sure if the last fix worked.

Please go to your desktop and delete all the existing text files for FRST - any FRST.txt, Addition.txt and fixlog.txt and also a folder called FRST older version if it exists. Don't delete the FRST64.exe.

Once that is done follow the instructions from post #11 again.

Thanks
  • 0

#14
Betty Boopster

Betty Boopster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Well bad news, I can not find FRST64.exe file.  I deleted all you told me to and the FRST file was there, I opened your last reply to copy it to have in front of me and I minimized and went back to my desktop, and Frst64 was gone.   I have check everywhere I could not find it.   Now What.

I entered  all the C:\users\Admin\,bettytboop1, or what I could think of but as got was  "Windows could not find yadda yadda, moved or delete" message.  [bleep] I know I am so annoying.  I even check the recycle bin and it was not in there either.

         

Attached Thumbnails

  • recycle bin.JPG
  • Desktop.JPG

Edited by Betty Boopster, 17 March 2018 - 11:07 AM.

  • 0

#15
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,703 posts
Hi

Don't worry we can download FRST again. :)


Please download Farbar Recovery Scan Tool and save it to your Desktop. Download the 64 bit version.

Then follow the instructions from post #11.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP