Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Very sluggish computer. Suspecting malware.

Started by Andre Silva , Feb 02 2016 11:15 PM

  • Please log in to reply

#46
RKinner
Posted 17 February 2016 - 06:55 AM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

I see Warsaw 1.11.0.42826 is still in the uninstall list.  Please try to uninstall it first.  If it uninstalls then reboot and then run FRST and do the fix:

 

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 
 
If it doesn't reboot please tell it to.  Hopefully it will boot this time without having to do a system restore.  Then run a new FRST scan with Addition and let's see where we are.
 
 

  • 0

Advertisements

#47
Andre Silva
Posted 20 February 2016 - 11:15 PM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

RKinner,

 

Sorry for the late reply. I'm resolving some family matters. I'll resume our work tomorrow.

 

Thank you for your patience.

 

Andre


  • 0

#48
Andre Silva
Posted 23 February 2016 - 09:39 PM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

RKinner,

 

Thank you for your enormous patience. I'm back in business.

 

However, I was not able to uninstall Warsaw from Control Panel. Please see error screen shot.

 

Ready for your next instructions, please.

 

Thank you!

Attached Thumbnails

  • warsaw-error.JPG

  • 0

#49
RKinner
Posted 23 February 2016 - 09:47 PM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

OK.  See if you can run the fixlist in post #46

http://www.geekstogo...-4#entry2551734


  • 0

#50
Andre Silva
Posted 07 March 2016 - 06:04 PM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

RKinner,

 

I'm back in business. Thanks for your enormous patience. I was traveling and could not resume our work until now. Here is the fixlog.

 

Ready for your next instructions, please. Thank you!!!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Izilda (2016-03-07 18:55:30) Run:4
Running from C:\Users\Izilda\Desktop
Loaded Profiles: Izilda (Available Profiles: Izilda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\MountPoints2: {520b7578-3f36-11e1-9d4c-806e6f6e6963} - E:\Setup.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
Tcpip\..\Interfaces\{0211F5D2-0B48-4A83-8097-2D3C20677B0B}: [DhcpNameServer] 65.32.5.111 65.32.5.112 192.168.1.1
Tcpip\..\Interfaces\{894FB0E4-5432-4A2A-B791-AB7238B6F4E2}: [DhcpNameServer] 200.142.132.32 200.220.227.57
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/bb -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-06-10] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/cef -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2015-01-17] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/uni -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-01-15] (GAS Tecnologia)
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-01-17] [not signed]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: GBBD Guardião - Itaú 30 horas - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-03-24] [not signed]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-05-04] [not signed]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2015-09-15]
CHR HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-06-19]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S4 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S4 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-02-13] (GAS Tecnologia)
S4 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-08-26] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
S4 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S4 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-01-12] (GAS Tecnologia)
S4 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S4 gbpddreg; system32\drivers\gbpddreg64.sys [X]
2016-02-13 18:21 - 2015-08-27 21:03 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-02-11 23:23 - 2015-05-04 13:34 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
C:\Users\Izilda\AppData\Local\Temp\2lj4u2du.dll
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
Task: {0EE9EEF0-21B1-45E3-B7CF-F59434679A53} - System32\Tasks\{086040D7-8B51-4901-9C99-9A59D7D1A236} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32:5B1620CE_Bb.gbp
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
















 

*****************

C:\Program Files (x86)\GbPlugin\gbpsv.exe => Could not close process
C:\Program Files (x86)\GbPlugin\gbpsv.exe => Could not close process
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb => key not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni => key not found.
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520b7578-3f36-11e1-9d4c-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{520b7578-3f36-11e1-9d4c-806e6f6e6963} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399008} => value removed successfully
"HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399008}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} => value removed successfully
"HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt2 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt3 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt4 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt5 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt6 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt7 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt8 => key not found.
"HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0211F5D2-0B48-4A83-8097-2D3C20677B0B}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{894FB0E4-5432-4A2A-B791-AB7238B6F4E2}\\DhcpNameServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}" => key removed successfully
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\MozillaPlugins\gastecnologia.com.br/sf/bb => key not found.
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll => not found.
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\MozillaPlugins\gastecnologia.com.br/sf/bb64" => key removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll => not found.
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\MozillaPlugins\gastecnologia.com.br/sf/cef" => key removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll => moved successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\MozillaPlugins\gastecnologia.com.br/sf/uni" => key removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll => moved successfully
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D} => value removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => moved successfully
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873} => value removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi => moved successfully
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C} => value removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => not found.
C:\Windows\SysWOW64\npDeployJava1.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei => moved successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Google\Chrome\Extensions\nnjbodopomfddehlalfilheomcahbpei" => key removed successfully
C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx => moved successfully
GbpSv => Unable to stop service.
GbpSv => service removed successfully
Warsaw Technology => service removed successfully
gbpddfac => service removed successfully
gbpddfac => service not found.
GbpKm => service removed successfully
GBPRCM => service removed successfully
Warsaw_PP => Service stopped successfully.
Warsaw_PP => service removed successfully
wsddfac => service removed successfully
wsddpp => service removed successfully
gbpddreg => service removed successfully
C:\Windows\system32\Drivers\gbpddfac64.sys => moved successfully
C:\Program Files (x86)\GAS Tecnologia => moved successfully
C:\Users\Izilda\AppData\Local\Temp\2lj4u2du.dll => moved successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}" => key removed successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}" => key removed successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}" => key removed successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EE9EEF0-21B1-45E3-B7CF-F59434679A53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EE9EEF0-21B1-45E3-B7CF-F59434679A53}" => key removed successfully
C:\Windows\System32\Tasks\{086040D7-8B51-4901-9C99-9A59D7D1A236} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{086040D7-8B51-4901-9C99-9A59D7D1A236}" => key removed successfully
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removed successfully.
C:\Windows\System32 => ":5B1620CE_Bb.gbp" ADS removed successfully.
"C:\Windows\system32\Drivers\gbpddfac64.sys" => ":X5ZN8aGvT4" ADS not found.
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 18:55:45 ====


  • 0

#51
RKinner
Posted 07 March 2016 - 06:07 PM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

I assume it survived the reboot this time.

 

Let's do a process explorer log and see where we stand.


  • 0

#52
Andre Silva
Posted 07 March 2016 - 06:11 PM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Yep, it survived the reboot :)

 

Here is process log:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    56.73    0 K    24 K    0            
svchost.exe    22.46    164,356 K    172,552 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AvastSvc.exe    10.94    93,888 K    54,944 K    1864    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
HPSA_Service.exe    3.64    55,908 K    51,264 K    3252    HP Support Assistant Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
procexp64.exe    2.22    31,172 K    52,724 K    7068    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    1.29    0 K    0 K    n/a    Hardware Interrupts and DPCs        
HPSF.exe    0.78    95,724 K    87,052 K    5220    HP Support Assistant    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
System    0.50    304 K    1,172 K    4            
dwm.exe    0.37    33,672 K    32,472 K    3424    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Dropbox.exe    0.23    165,544 K    147,236 K    4504    Dropbox    Dropbox, Inc.    (Verified) Dropbox
csrss.exe    0.20    3,412 K    8,884 K    572    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.16    191,308 K    209,992 K    3272    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe    0.11    35,896 K    50,704 K    2156    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.08    35,576 K    54,232 K    1116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
RNowSvc.exe    0.07    1,904 K    4,684 K    3236    Windows Service App    Roxio    (Verified) Sonic Solutions
gbpsv.exe    0.04    32,300 K    36,832 K    924    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
WmiPrvSE.exe    0.03    3,792 K    7,608 K    3676    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.03    57,676 K    88,112 K    1660    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.02    64,916 K    101,052 K    5508    Google Chrome    Google Inc.    (Verified) Google Inc
CCC.exe    0.02    104,688 K    4,712 K    5512    Catalyst Control Center: Host application    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
AppleMobileDeviceService.exe    0.02    3,024 K    9,416 K    2624    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
chrome.exe    0.01    45,916 K    44,164 K    364    Google Chrome    Google Inc.    (Verified) Google Inc
csrss.exe    0.01    2,448 K    4,976 K    472    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
MOM.exe    0.01    40,240 K    5,300 K    3988    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    (No signature was present in the subject) Advanced Micro Devices Inc.
lsass.exe    0.01    7,556 K    15,828 K    672    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
avastui.exe    < 0.01    18,212 K    19,760 K    4968    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
SoftwareUpdate.exe    < 0.01    18,612 K    39,004 K    5176    Apple Software Update    Apple Inc.    (Verified) Apple Inc.
WUDFHost.exe    < 0.01    7,656 K    7,656 K    1568    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    < 0.01    12,444 K    18,288 K    2812    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    < 0.01    2,952 K    4,680 K    680    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    38,552 K    18,680 K    4752    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    4,500 K    8,364 K    972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
YCMMirage.exe    < 0.01    1,748 K    1,024 K    5100    YouCam Mirage    CyberLink    (Verified) CyberLink
svchost.exe    < 0.01    17,596 K    19,284 K    1724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
ezSharedSvcHost.exe    < 0.01    1,572 K    5,468 K    2972    Shared EasyBits services for Windows    EasyBits Software AS    (Verified) EasyBits Software AS
WLIDSVC.EXE    < 0.01    8,232 K    15,656 K    3400    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
svchost.exe    < 0.01    4,000 K    7,120 K    4780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    9,676 K    14,840 K    1068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    < 0.01    6,336 K    9,544 K    484    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
HPConnectionManager.exe    < 0.01    82,028 K    89,984 K    6140    HPConnectionManager    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
svchost.exe    < 0.01    53,844 K    35,916 K    2828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
stacsv64.exe    < 0.01    12,920 K    9,000 K    1156    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
SynTPEnh.exe    < 0.01    9,228 K    13,220 K    4204    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
hpservice.exe    < 0.01    1,824 K    4,952 K    1424    HpService    Hewlett-Packard Company    (Verified) Microsoft Windows Hardware Compatibility Publisher
WR_Tray_Icon.exe        2,036 K    1,160 K    5592    Tweaking.com - Windows Repair Tray Icon    Tweaking.com    (Verified) Tweaking LLC
WmiPrvSE.exe        8,832 K    15,096 K    3712    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,836 K    6,360 K    5792    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,528 K    3,624 K    3596    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        3,124 K    7,620 K    644    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,664 K    4,668 K    548    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,112 K    5,676 K    4100    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,208 K    6,044 K    4880    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        6,284 K    11,324 K    5048    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TrueSuiteService.exe        1,756 K    5,408 K    880    HP Service    HP    (Verified) AuthenTec
TouchControl.exe        4,484 K    13,376 K    2880    TouchControl    HP    (Verified) AuthenTec
TeamViewer_Service.exe        5,392 K    13,484 K    3356    TeamViewer 10    TeamViewer GmbH    (Verified) TeamViewer
taskeng.exe        2,004 K    5,508 K    2020    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,412 K    6,424 K    4960    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,484 K    6,312 K    5560    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
SZDrvSvc.exe        1,536 K    4,904 K    3320    SZDrvSvc    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
SynTPHelper.exe        1,592 K    3,788 K    4952    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        14,948 K    16,012 K    1820    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,104 K    10,532 K    792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        24,564 K    21,980 K    476    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,160 K    7,108 K    1656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,820 K    6,024 K    1292    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,768 K    11,392 K    2932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,084 K    5,736 K    3288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sttray64.exe        9,124 K    19,808 K    4244    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe        9,248 K    15,144 K    2000    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        568 K    1,240 K    328    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,256 K    11,524 K    604    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
rundll32.exe        2,100 K    6,484 K    4064    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
RIconMan.exe        2,508 K    6,108 K    2912    Realtek Card Reader Icon Tool.    Realsil Microelectronics Inc.    (No signature was present in the subject) Realsil Microelectronics Inc.
procexp.exe        2,460 K    7,740 K    7040    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        36,840 K    38,332 K    3460    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
PMBDeviceInfoProvider.exe        1,440 K    4,732 K    3216    Device Information Provider    Sony Corporation    (Verified) Sony Corporation
notepad.exe        2,072 K    6,884 K    1844    Notepad    Microsoft Corporation    (Verified) Microsoft Windows
NitroPDFReaderDriverService3x64.exe        1,672 K    4,012 K    3168    Nitro PDF Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
NitroPDFDriverServicex64.exe        1,608 K    3,988 K    3120    Solid Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
jusched.exe        2,360 K    5,540 K    4712    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
HPWMISVC.exe        1,352 K    4,016 K    2648    HP Quick Launch WMI Service    Hewlett-Packard Development Company, L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
hpqWmiEx.exe        3,960 K    8,672 K    5092    HP Software Framework WMI Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
hpCMSrv.exe        4,016 K    9,160 K    5780    HP Connection Manager Service    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
HPClientServices.exe        3,988 K    8,232 K    2148    HP Client Services    Hewlett-Packard Company    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
GWX.exe        4,104 K    1,568 K    3012    GWX    Microsoft Corporation    (Verified) Microsoft Windows
GoogleUpdate.exe        2,332 K    2,448 K    4344    Google Installer    Google Inc.    (Verified) Google Inc
gbpsv.exe        24,372 K    24,396 K    3364    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
Fuel.Service.exe        4,824 K    10,160 K    2564    AMD Fuel Service    Advanced Micro Devices, Inc.    (No signature was present in the subject) Advanced Micro Devices, Inc.
DropboxUpdate.exe        2,528 K    3,128 K    4352    Dropbox Update    Dropbox, Inc.    (Verified) Dropbox
chrome.exe        25,208 K    54,712 K    2924    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        47,552 K    81,144 K    5868    Google Chrome    Google Inc.    (Verified) Google Inc
BioMonitor.exe        1,544 K    5,196 K    3628    BioMonitor    HP    (Verified) AuthenTec
audiodg.exe        16,892 K    17,276 K    1220    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,736 K    4,580 K    120    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        2,616 K    6,820 K    1432    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe        1,240 K    4,056 K    2096    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AESTSr64.exe        1,324 K    3,032 K    2180    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
AdobeARM.exe        4,676 K    13,072 K    4644    Adobe Reader and Acrobat Manager    Adobe Systems Incorporated    (Verified) Adobe Systems
ABRTMon.exe        4,760 K    9,016 K    4444    ABRTMon    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
 


  • 0

#53
RKinner
Posted 07 March 2016 - 06:23 PM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

svchost.exe    22.46

 

Hit Space bar and then

Hover over the top svchost.exe and it should tell you what services are running on it.  Usually it's Windows Update causing the problem.  Do you see it in the list?

 

If so, search for services.msc and hit Enter.  It should bring up the Services menu.  Find Windows Update and right click on it and select Properties.  Hit Stop which should stop the service then run a new Process Explorer log and let's see if that helped.


  • 0

#54
Andre Silva
Posted 07 March 2016 - 07:11 PM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

OK. I ran Services and stopped Windows Update. Here is new process log:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    94.76    0 K    24 K    0            
procexp64.exe    2.02    33,644 K    54,560 K    7976    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    0.95    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    0.40    34,508 K    31,280 K    3424    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
System    0.33    316 K    1,684 K    4            
SynTPEnh.exe    0.33    9,228 K    13,468 K    4204    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
firefox.exe    0.29    224,536 K    251,052 K    3272    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    0.25    3,480 K    9,284 K    572    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
Dropbox.exe    0.18    173,444 K    156,412 K    4504    Dropbox    Dropbox, Inc.    (Verified) Dropbox
avastui.exe    0.08    19,500 K    26,104 K    4968    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.08    35,656 K    51,432 K    1116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.06    43,660 K    64,496 K    2156    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
gbpsv.exe    0.04    32,328 K    36,872 K    924    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
lsass.exe    0.04    7,624 K    15,928 K    672    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
CCC.exe    0.04    104,232 K    21,584 K    5512    Catalyst Control Center: Host application    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
AvastSvc.exe    0.03    98,536 K    41,192 K    1864    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
WmiPrvSE.exe    0.03    3,900 K    7,920 K    3676    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.02    37,384 K    63,116 K    5220    Google Chrome    Google Inc.    (Verified) Google Inc
MOM.exe    0.01    40,240 K    7,704 K    3988    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    (No signature was present in the subject) Advanced Micro Devices Inc.
chrome.exe    0.01    35,300 K    27,964 K    6304    Google Chrome    Google Inc.    (Verified) Google Inc
svchost.exe    0.01    5,104 K    10,508 K    792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AppleMobileDeviceService.exe    < 0.01    3,076 K    9,452 K    2624    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
YCMMirage.exe    < 0.01    1,748 K    748 K    5100    YouCam Mirage    CyberLink    (Verified) CyberLink
taskhost.exe    < 0.01    13,404 K    19,148 K    2812    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    49,540 K    41,208 K    4752    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
ezSharedSvcHost.exe    < 0.01    1,572 K    5,436 K    2972    Shared EasyBits services for Windows    EasyBits Software AS    (Verified) EasyBits Software AS
svchost.exe    < 0.01    18,044 K    20,732 K    1724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    4,100 K    7,164 K    4780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    10,112 K    16,012 K    1068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    < 0.01    8,216 K    15,636 K    3400    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
svchost.exe    < 0.01    179,896 K    188,520 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WUDFHost.exe    < 0.01    7,660 K    7,660 K    1568    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
HPSA_Service.exe    < 0.01    44,756 K    45,808 K    3252    HP Support Assistant Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
HPConnectionManager.exe    < 0.01    80,880 K    88,888 K    6140    HPConnectionManager    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
stacsv64.exe    < 0.01    12,976 K    9,068 K    1156    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
gbpsv.exe    < 0.01    24,344 K    24,316 K    3364    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
svchost.exe    < 0.01    55,564 K    38,148 K    2828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
hpservice.exe    < 0.01    1,824 K    4,948 K    1424    HpService    Hewlett-Packard Company    (Verified) Microsoft Windows Hardware Compatibility Publisher
WR_Tray_Icon.exe        2,036 K    568 K    5592    Tweaking.com - Windows Repair Tray Icon    Tweaking.com    (Verified) Tweaking LLC
wmpnetwk.exe        7,396 K    7,984 K    484    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        10,416 K    16,844 K    3712    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,528 K    3,624 K    3596    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        3,284 K    7,780 K    644    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,664 K    4,668 K    548    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,472 K    6,352 K    4880    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,140 K    5,884 K    4100    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        6,324 K    11,360 K    5048    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TrueSuiteService.exe        1,756 K    5,396 K    880    HP Service    HP    (Verified) AuthenTec
TouchControl.exe        4,484 K    13,380 K    2880    TouchControl    HP    (Verified) AuthenTec
TeamViewer_Service.exe        5,392 K    13,480 K    3356    TeamViewer 10    TeamViewer GmbH    (Verified) TeamViewer
taskeng.exe        2,468 K    6,680 K    4960    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,432 K    6,376 K    5560    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
SZDrvSvc.exe        1,536 K    4,904 K    3320    SZDrvSvc    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
SynTPHelper.exe        1,592 K    3,784 K    4952    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        15,464 K    16,536 K    1820    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        25,024 K    21,820 K    476    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,916 K    8,808 K    972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,160 K    7,108 K    1656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,300 K    6,556 K    3288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,928 K    6,096 K    1292    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,364 K    11,952 K    2932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sttray64.exe        9,124 K    19,804 K    4244    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe        9,196 K    15,124 K    2000    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        568 K    1,240 K    328    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,376 K    11,716 K    604    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
rundll32.exe        2,100 K    6,484 K    4064    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
RNowSvc.exe        2,156 K    4,912 K    3236    Windows Service App    Roxio    (Verified) Sonic Solutions
RIconMan.exe        2,508 K    6,108 K    2912    Realtek Card Reader Icon Tool.    Realsil Microelectronics Inc.    (No signature was present in the subject) Realsil Microelectronics Inc.
procexp.exe        2,460 K    7,768 K    8040    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        36,840 K    38,340 K    3460    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
PMBDeviceInfoProvider.exe        1,440 K    4,728 K    3216    Device Information Provider    Sony Corporation    (Verified) Sony Corporation
NitroPDFReaderDriverService3x64.exe        1,672 K    4,012 K    3168    Nitro PDF Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
NitroPDFDriverServicex64.exe        1,608 K    3,988 K    3120    Solid Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
lsm.exe        2,960 K    4,708 K    680    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
jusched.exe        2,360 K    5,532 K    4712    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
HPWMISVC.exe        1,352 K    4,016 K    2648    HP Quick Launch WMI Service    Hewlett-Packard Development Company, L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
hpqWmiEx.exe        3,960 K    8,660 K    5092    HP Software Framework WMI Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
hpCMSrv.exe        4,020 K    9,172 K    5780    HP Connection Manager Service    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
HPClientServices.exe        3,992 K    8,248 K    2148    HP Client Services    Hewlett-Packard Company    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
GWX.exe        4,104 K    1,928 K    3012    GWX    Microsoft Corporation    (Verified) Microsoft Windows
GoogleUpdate.exe        2,336 K    2,568 K    4344    Google Installer    Google Inc.    (Verified) Google Inc
Fuel.Service.exe        4,824 K    10,160 K    2564    AMD Fuel Service    Advanced Micro Devices, Inc.    (No signature was present in the subject) Advanced Micro Devices, Inc.
explorer.exe        29,156 K    34,900 K    6360    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
DropboxUpdate.exe        2,592 K    3,160 K    4352    Dropbox Update    Dropbox, Inc.    (Verified) Dropbox
csrss.exe        2,732 K    5,244 K    472    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe        42,992 K    74,628 K    8056    Google Chrome    Google Inc.    (Verified) Google Inc
BioMonitor.exe        1,544 K    5,196 K    3628    BioMonitor    HP    (Verified) AuthenTec
audiodg.exe        17,048 K    17,052 K    6624    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,736 K    4,580 K    120    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        2,616 K    6,844 K    1432    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe        1,240 K    4,052 K    2096    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AESTSr64.exe        1,324 K    3,028 K    2180    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
AdobeARM.exe        4,676 K    13,068 K    4644    Adobe Reader and Acrobat Manager    Adobe Systems Incorporated    (Verified) Adobe Systems
ABRTMon.exe        4,760 K    9,004 K    4444    ABRTMon    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
 

Attached Thumbnails

  • svchost.png

  • 0

#55
RKinner
Posted 07 March 2016 - 07:57 PM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

OK.  It was the culprit.  Should be fairly quick now.

 

Go in and START Windows Update and see if it still stays high.

 

See if you can run the System Update Readiness

 

https://support.micr...en-us/kb/947821


  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP