BleepingComputer.com: Infected XP antivirus 2012 removed now no Internet and more infection.

Hi

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
• Scroll down to where it says Java SE 6 Update 30
• Click the Download button under JRE to the right.
• Read the License Agreement then select Accept License Agreement
• Click on the link to download Windows x86 Offline and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u30-windows-i586.exe to install the newest version.

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

NEXT

Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

Computer seems to be running much much better.
See log and attach.
Has this cleared the infected Restore points?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by (redacted) at 15:04:35 on 2012-01-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1328 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
C:\Programs\Eraser\eraser.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Documents and Settings\(redacted)\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\(redacted)\Application Data\Dropbox\bin\Dropbox.exe
C:\Programs\SpywareGuard\sgmain.exe
C:\Programs\SpywareGuard\sgbhp.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\programs\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programs\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
uRun: [SpybotSD TeaTimer] c:\programs\spybot - search & destroy\TeaTimer.exe
uRun: [Eraser] c:\programs\eraser\eraser.exe -hide
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [Google Update] "c:\documents and settings\(redacted)\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\(redacted)\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\(redacted)\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\(redacted)\startm~1\programs\startup\itunes.lnk - c:\program files\itunes\iTunes.exe
StartupFolder: c:\docume~1\(redacted)\startm~1\programs\startup\spywar~1.lnk - c:\programs\spywareguard\sgmain.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programs\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://secure.bmhcc.org/dana-cached/setup/JuniperSetupSP1.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{EE3D8277-8686-4376-81CF-30873D79C1A9} : DhcpNameServer = 10.0.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\programs\spywareguard\spywareguard.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\(redacted)\application data\mozilla\firefox\profiles\kp0tg4ga.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\(redacted)\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-8-11 902592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-12 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-12 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-12 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-11 74640]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2011-3-24 83968]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-11-13 19056]
S2 AudioSrv32;Windows Audio ;c:\windows\system32\kbdfi32.exe --> c:\windows\system32\kbdfi32.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-15 136176]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-12 12672]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-12-19 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-15 136176]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]
.
=============== Created Last 30 ================
.
2012-01-01 20:24:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-31 06:04:51 98816 ----a-w- c:\windows\sed.exe
2011-12-31 06:04:51 518144 ----a-w- c:\windows\SWREG.exe
2011-12-31 06:04:51 256000 ----a-w- c:\windows\PEV.exe
2011-12-31 06:04:51 208896 ----a-w- c:\windows\MBR.exe
2011-12-26 05:01:11 -------- d-----w- c:\windows\pss
2011-12-24 04:50:05 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-12-24 04:49:46 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-24 04:49:46 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-12-24 04:49:19 -------- d-----w- c:\program files\AVG
2011-12-24 04:47:27 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-12-20 01:08:51 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys
2011-12-19 23:47:28 -------- d-----w- c:\program files\LeapFrog
2011-12-19 23:47:28 -------- d-----w- c:\documents and settings\all users\application data\Leapfrog
2011-12-18 07:43:42 -------- d-----w- c:\program files\iPod
2011-12-18 07:43:40 -------- d-----w- c:\program files\iTunes
2011-12-13 05:00:03 -------- d-----w- c:\documents and settings\(redacted)\application data\Avira
2011-12-13 04:54:30 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-13 04:54:29 -------- d-----w- c:\program files\Avira
2011-12-13 04:54:29 -------- d-----w- c:\documents and settings\all users\application data\Avira
.
==================== Find3M ====================
.
2012-01-01 20:23:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-21 17:29:20 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 00:39:24 680624 ----a-w- c:\windows\system32\Toyota Sponsafier 4.scr
2011-10-19 22:56:50 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 04:23:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 23:38:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 12:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
.
============= FINISH: 15:05:35.15 ===============

Not yet, they will be reset when we uninstall ComboFix

just some housekeeping to do now, please do the following:


You can delete the Farbar Service Scanner, TDSSKiller, DDS and GMER logs and programs from your desktop.


NEXT

Follow these steps to uninstall Combofix

• Make sure your security programs are totally disabled.
  
• Click START then RUN
  
• Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

• It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
  Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  
  
  
• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
  
• Make Internet Explorer more secure
  
  • Click Start > Run
    
  • Type Inetcpl.cpl & click OK
    
  • Click on the Security tab
    
  • Click Reset all zones to default level
    
  • Make sure the Internet Zone is selected & Click Custom level
    
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  
  
  
  
• Download TFC to your desktop
  
  • Close any open windows.
    
  • Double click the TFC icon to run the program
    
  • TFC will close all open programs itself in order to run,
    
  • Click the Start button to begin the process.
    
  • Allow TFC to run uninterrupted.
    
  • The program should not take long to finish it's job
    
  • Once its finished it should automatically reboot your machine,
    
  • if it doesn't, manually reboot to ensure a complete clean
  
  It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  
  
  
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
    
  • Yellow for caution
    
  • Red to stop
  WOT has an addon available for both Firefox and IE
  
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
  
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
  
  
• In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
  PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Thank you for all of your help. Before you go, is there a sure fire way to determine what hardware i have missing in my device manager. on every restart I have an unknown hardware alert that comes up. i try to search for the driver online but windows cannot determine what is needed. Just looking through the list, I cannot tell what is missing. Any ideas?

hmm, I would have thought it would give a clue as to what is looking for a driver?

If you go into device manager and expand all the trees are there any alert triangles on anything?

Press the WinKey + R to open a run box > copy/paste devmgmt.msc into the open run box > press OK > Device Manager will open.

It was intel Viiv technology quick restart driver. Thanks for all of your help. Please close thread.

you are welcome

stay safe

~CB

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.