Service Host and System taking up 99% CPU or DISK


13 replies to this topic

#1 Irishforever


Posted 05 July 2015 - 09:43 AM

So about a week ago my computer started acting really slow and unusual. I opened the Task Manager and the processes System and Service Host were taking a huge amount of my CPU and Disk. Also a program called Windows host process (Rundll32) has been doing the same. I immediately ran a Malwarebytes scan and re-downloaded Avast to run an anti-virus scan. Those found nothing and so I am really confused as to why it is doing this. This doesn't happen for a very long time either. They can start and stop in 5 seconds or 30 mins and it seems to be happening randomly. The computer could be sitting there doing nothing and it still does it. I have an HP Envy 15 laptop and it runs Windows 8.1. Any help would be appreciated.


Edited by hamluis, 05 July 2015 - 10:56 AM.
Moved from Win 8 to Am I Infected - Hamluis.




#2 Sintharius


Posted 05 July 2015 - 02:11 PM

Hello, and welcome to Bleeping Computer :)

Please follow instructions here and let me know which services belong to the svchost.exe processes that take up the most CPU.

For convenience, you can take a screenshot (see instructions here) of the processes and their service lists, then upload it to Imgur and copy the IMG link here.

After that run this.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex
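
One way to answer the svchost.exe question above from a prompt instead of Task Manager, as an added example that is not part of the original post: it samples the CPU time of every svchost.exe instance and lists the services each one hosts. The five-second window and the output column names are assumptions.

```powershell
# Added example, not part of the thread. Run from an elevated PowerShell
# prompt while the slowdown is happening.
$sampleSeconds = 5                                  # assumed sampling window
$cores = [Environment]::ProcessorCount

# First snapshot: accumulated CPU seconds per svchost.exe PID.
$before = @{}
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    ForEach-Object { $before[$_.Id] = $_.CPU }

Start-Sleep -Seconds $sampleSeconds

# Running services grouped by the PID that hosts them. -AsString makes the
# keys strings, so the lookup below does not miss on UInt32 vs Int32 keys.
$servicesByPid = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString

# Second snapshot: CPU used during the window, joined with the hosted services.
$report = Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
    # Skip instances that started mid-sample or whose CPU time is unreadable.
    if (-not $before.ContainsKey($_.Id) -or $null -eq $_.CPU -or $null -eq $before[$_.Id]) { return }

    $hosted = @($servicesByPid["$($_.Id)"] | Where-Object { $_ })
    [pscustomobject]@{
        PID        = $_.Id
        CpuPercent = [math]::Round(100 * ($_.CPU - $before[$_.Id]) / ($sampleSeconds * $cores), 1)
        Services   = ($hosted | ForEach-Object { $_.Name }) -join ', '
        # PathName carries the svchost group (-k ...) and must point into System32.
        ServiceExe = ($hosted | ForEach-Object { $_.PathName } | Sort-Object -Unique) -join '; '
    }
}

$report | Sort-Object CpuPercent -Descending | Format-Table -AutoSize -Wrap
```

The top rows name the services to look at first; a `ServiceExe` path that does not start with the Windows System32 directory deserves a closer look on its own.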

#3 Irishforever


Posted 06 July 2015 - 08:17 PM

Sorry for the delayed reply. As I mentioned it has been happening randomly so I had to wait until it happened again. Here is the notepad of the scan you said to run. It is as follows. 

 

Emsisoft Emergency Kit - Version 10.0
Last update: 7/6/2015 5:54:29 PM
User account: OBRIENPC\Sean
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 7/6/2015 6:03:46 PM
 
Scanned 97706
Found 47
 
Scan end: 7/6/2015 6:28:24 PM
Scan time: 0:24:38
 
 
Quarantined 38
 

The screenshots of the Task manager and the other thing you said are in this album.  http://imgur.com/a/HRdPu



#4 Sintharius


Posted 09 July 2015 - 05:35 PM

Looks like a lot of adware related entries... Let's clean things up first.

Apologies for the wait, I think I read the mail and forgot about it.

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Regards,
Alex

#5 shamrin


Posted 09 July 2015 - 06:07 PM

We had a similar issue today and had to solve the problem ourselves. I'm sure you'll get a more thorough answer shortly but we found the problem here:

 

C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\zipfldr.dll

 

We used the FRST program to track it down along with our experience from the last Poweliks virus. ESET Poweliks Remover doesn't find it yet but I assume it will eventually.

 

If you want a slightly more detailed explanation I wrote it up here.


Edited by shamrin, 09 July 2015 - 06:10 PM.
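
A check for the pattern described in the post above, where a DLL with a Windows file name (zipfldr.dll) sits under C:\ProgramData rather than in the Windows directory; this is an added example, not shamrin's or the forum's method. It lists modules loaded by rundll32, svchost and dllhost whose file name matches a System32 DLL but whose path is outside %SystemRoot%; the choice of host processes is an assumption.

```powershell
# Added example, not part of the thread. Run elevated so that the module
# lists of system processes are readable.
$windowsDir = $env:SystemRoot.TrimEnd('\') + '\'
$hostNames  = 'rundll32', 'svchost', 'dllhost'      # assumed set of hosts to inspect

# File names of the DLLs that ship in System32, for name-collision lookups.
$systemDllNames = @{}
Get-ChildItem -Path (Join-Path $env:SystemRoot 'System32') -Filter *.dll -ErrorAction SilentlyContinue |
    ForEach-Object { $systemDllNames[$_.Name.ToLowerInvariant()] = $true }

$findings = foreach ($proc in Get-Process -Name $hostNames -ErrorAction SilentlyContinue) {
    # The command line shows which DLL and export rundll32 was asked to run.
    $cmdLine = (Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($proc.Id)").CommandLine

    try   { $modules = @($proc.Modules) }
    catch { continue }                               # protected or already exited

    foreach ($module in $modules) {
        $path = $module.FileName
        if (-not $path) { continue }

        $outsideWindows = -not $path.StartsWith($windowsDir, [StringComparison]::OrdinalIgnoreCase)
        $nameCollides   = $systemDllNames.ContainsKey($module.ModuleName.ToLowerInvariant())

        if ($outsideWindows -and $nameCollides) {
            [pscustomobject]@{
                Process     = "$($proc.ProcessName) ($($proc.Id))"
                Module      = $path
                # NotSigned here is a hint, not proof of anything.
                Signature   = (Get-AuthenticodeSignature -FilePath $path).Status
                CommandLine = $cmdLine
            }
        }
    }
}

$findings | Format-List
```

A hit is a lead for further analysis, not proof of infection: some legitimate software ships its own copies of commonly named DLLs.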


#6 Sintharius


Posted 09 July 2015 - 06:10 PM

This isn't Poweliks... the real Poweliks is fileless, so this is some other malware.

It is normal for ESET Poweliks Cleaner to not target it as it is not what the tool is designed to remove.

Edit: Besides, FRST is not allowed outside of the Malware Removal Logs area... just want to let you know.

Edited by Alexstrasza, 09 July 2015 - 06:15 PM.


#7 Irishforever


Posted 17 July 2015 - 07:32 AM

Sorry it took so long, I have been a bit busy.

 

 

# AdwCleaner v4.208 - Logfile created 17/07/2015 at 06:29:27

# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Sean - OBRIENPC
# Running from : C:\Users\Sean\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v43.0.2357.134
 
 
*************************
 
AdwCleaner[R0].txt - [5789 bytes] - [19/05/2014 21:01:41]
AdwCleaner[R1].txt - [1748 bytes] - [18/06/2014 18:02:00]
AdwCleaner[R2].txt - [6857 bytes] - [17/07/2015 06:29:27]
AdwCleaner[S0].txt - [5884 bytes] - [19/05/2014 21:03:44]
AdwCleaner[S1].txt - [2284 bytes] - [18/06/2014 18:03:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [7034 bytes] ##########


#8 Sintharius


Posted 17 July 2015 - 07:43 AM

Hello there,

Please re-run AdwCleaner and choose Cleaning for all detections. After that click Logfile and post the cleaning log here.

After that please run this.

Junkware Removal Tool by Malwarebytes Corporation

Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Regards,
Alex

#9 Irishforever


Posted 24 July 2015 - 01:58 AM

Again, sorry for the wait. Here are the things you said to run and their logs.

First you said to run AdwCleaner again and clean, then post the log.

 

# AdwCleaner v4.208 - Logfile created 24/07/2015 at 00:44:18
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Sean - OBRIENPC
# Running from : C:\Users\Sean\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v43.0.2357.134
 
 
*************************
 
AdwCleaner[R0].txt - [5789 bytes] - [19/05/2014 21:01:41]
AdwCleaner[R1].txt - [1748 bytes] - [18/06/2014 18:02:00]
AdwCleaner[R2].txt - [7289 bytes] - [17/07/2015 06:29:27]
AdwCleaner[R3].txt - [7096 bytes] - [24/07/2015 00:38:35]
AdwCleaner[S0].txt - [5884 bytes] - [19/05/2014 21:03:44]
AdwCleaner[S1].txt - [2284 bytes] - [18/06/2014 18:03:52]
AdwCleaner[S2].txt - [6951 bytes] - [24/07/2015 00:44:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7010  bytes] ##########
 
Then you asked me to run the junkware removal tool and the log is as follows.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 x64
Ran by Sean on Thu 07/23/2015 at 21:41:41.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster SkipUAC (Sean)
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster Update
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEB54677-E12F-44E7-AC7E-48241B866B5F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEB54677-E12F-44E7-AC7E-48241B866B5F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BEB54677-E12F-44E7-AC7E-48241B866B5F}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Sean\Appdata\Local\google\chrome\user data\default\local storage\hxxp_st.chatango.com_0.localstorage
Successfully deleted: [File] C:\Users\Sean\Appdata\Local\google\chrome\user data\default\local storage\hxxp_st.chatango.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Sean\desktop\flvto youtube downloader.lnk
 
 
 
~~~ Folders
 
Failed to delete: [Folder] C:\Users\Sean\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Program Files (x86)\clipgrab
Successfully deleted: [Folder] C:\Program Files (x86)\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clipgrab
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Sean\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Sean\Appdata\Local\flvto youtube downloader
Successfully deleted: [Folder] C:\Users\Sean\AppData\Roaming\IObit\Driver Booster
Successfully deleted: [Folder] C:\Users\Sean\Documents\add-in express
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Sean\Appdata\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
 
[C:\Users\Sean\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Sean\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ajopnjidmegmdimjlfnijceegpefgped
 
[C:\Users\Sean\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Sean\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ajopnjidmegmdimjlfnijceegpefgped
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/24/2015 at  0:16:47.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Thank you for your patience with me. I will say the problem with my system taking up a bunch of resources happened 3 more times in this past week with the same symptoms as before.


#10 Sintharius

Posted 24 July 2015 - 03:18 AM

Hi there,

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose the Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


====

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#11 Irishforever

Posted 30 July 2015 - 03:25 PM

Okay so Malwarebytes didn't detect anything at all and came back clean. The ESET cleaner however found 6 items and I will post the log here.

C:\Users\Sean\Documents\LG-L70 Backup\Download\tr-1.apk a variant of Android/Exploit.Towel.A trojan deleted - quarantined
C:\Users\Sean\Documents\LG-L70 Backup\Download\tr-2.apk a variant of Android/Exploit.Towel.A trojan deleted - quarantined
C:\Users\Sean\Documents\LG-L70 Backup\Download\tr.apk a variant of Android/Exploit.Towel.A trojan deleted - quarantined
C:\Users\Sean\Documents\uTorrent\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Sean\Documents\uTorrent\updates\3.3.1_30017.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Sean\Downloads\ccsetup507.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 
It seems to be running alright, but the problem I have been having seems completely random. It just now as I am typing this started up again then it stopped quickly. A process called Service Host: Local System(6, 12, 16, 4, 17 it is one of these numbers after it) Network Restricted and System are still shown as what is taking up most of it. I have no idea why it is doing that because the only applications I have open are Malwarebytes and my browser and it has separate numbers for those. So still having the problem it seems :/ Idk what else to try next. Thank you for your continued patience with me. It is very much appreciated.
Sean


#12 Sintharius

Posted 30 July 2015 - 03:33 PM

Let's see if this tool finds anything...

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.
  • Right click on the downloaded file and select Run as Administrator.
  • Read the EULA, then select Accept.
  • Wait for Kaspersky Virus Removal Tool to initialize.
  • In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  • Click Start scan.
  • Wait for Kaspersky Virus Removal Tool to complete scanning.
  • When the scan is finished, select Neutralize all for all detected objects.
  • Close Kaspersky Virus Removal Tool when done.
Let me know if it found anything.

Regards,
Alex

#13 Irishforever

Posted 30 July 2015 - 11:49 PM

I ran that (took about 7 hours) and got this as the final thing. There were 6 files it brought up and they seem to be old toolbars. http://imgur.com/qZM0eGd I clicked on Neutralize All and then closed it. I have not had a problem (it's been 10 min since it finished) but I won't know if it is fixed unless it does it again. Is there anything else you suggest I should do to make sure, or another scan to run? Thanks again for all your help. It is very much appreciated.

Sean



#14 Sintharius

Posted 31 July 2015 - 02:30 AM

Hi there,

Please continue to monitor svchost.exe and see if it eats up memory again. Otherwise you should be fine.
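
As a follow-up to the monitoring advice in this thread, the added example below (not part of any poster's reply and not taken from any tool named above) samples every svchost.exe instance twice and reports CPU, disk I/O and the services each instance hosts, so a busy "Service Host: Local System (Network Restricted)" entry can be traced to specific services. It is read-only and assumes Windows PowerShell 3.0 or later run from an elevated prompt; the variable names and the 10-second sample window are choices made for this example.

```powershell
# Sample window in seconds (value chosen for this example).
$SampleSeconds = 10

function Get-SvchostProcess {
    # One CIM object per running svchost.exe instance.
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'"
}

# First sample, keyed by PID as a string to avoid integer type mismatches.
$before = @{}
foreach ($p in Get-SvchostProcess) { $before["$($p.ProcessId)"] = $p }

Start-Sleep -Seconds $SampleSeconds

# Running services; each one records the PID of the process hosting it.
$services = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'"

$report = foreach ($p in Get-SvchostProcess) {
    $old = $before["$($p.ProcessId)"]
    if ($null -eq $old) { continue }   # instance started during the window

    # KernelModeTime and UserModeTime are cumulative, in 100 ns units.
    $cpuSec = (($p.KernelModeTime + $p.UserModeTime) -
               ($old.KernelModeTime + $old.UserModeTime)) / 1e7
    # Bytes read and written by the process during the window.
    $ioBytes = ($p.ReadTransferCount + $p.WriteTransferCount) -
               ($old.ReadTransferCount + $old.WriteTransferCount)

    # svchost.exe is started as "svchost.exe -k <group>"; the command line
    # is empty when the prompt lacks the rights to read it.
    $group = '(unknown)'
    if ($p.CommandLine -match '-k\s+(\S+)') { $group = $Matches[1] }

    $hosted = @($services | Where-Object { $_.ProcessId -eq $p.ProcessId })

    [pscustomobject]@{
        ProcessId    = $p.ProcessId
        Group        = $group
        CpuPercent   = [math]::Round(100 * $cpuSec / $SampleSeconds /
                                     [Environment]::ProcessorCount, 1)
        IoMB         = [math]::Round($ioBytes / 1MB, 1)
        WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Services     = $hosted.Name -join ', '
    }
}

# Busiest instances first.
$report | Sort-Object CpuPercent, IoMB -Descending | Format-Table -AutoSize -Wrap
```

Running it while the slowdown is happening matters, because the figures are deltas over the sample window rather than totals since boot.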