rogue svchost?


30 replies to this topic

#1 bubba888

bubba888

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 13 August 2016 - 09:19 AM

hey.... i've got a seemingly rogue svchost.exe that often chews up 24% or more of my CPU for hours on end (thinkpad L530, win7, up-to-date).  i smell a rat.  (or bug.)

 

process explorer¹ shows the stack as....

 

winnt --> services --> svchost --> taskeng --> MCPlaunch

 

i just ran windows update & rebooted.  that stack's running right now with the svchost behaving itself ( <1% cpu ).  but if history is predictor, it's gonna ramp up to 24% or more within 24 hours, and then stay at that level kinda indefinitely.

 

sound familiar / suspicious to anyone?  suggestions?  tia.

 

¹ in case it helps, here's a process explorer snip showing the stack in question.




 


#2 bubba888

bubba888
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 13 August 2016 - 09:23 AM

ps....

i've run Microsoft Security Essentials a few times -- no issues.  i've also got Malwarebytes Anti-Malware Premium running, and have scanned coupla times with that -- again, no issues.



#3 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 AM

Posted 13 August 2016 - 09:55 AM

According to the web that is a Lenovo process used to find updates for your computer. It will likely show up in the lists asked for below and can be Disabled / Deleted or uninstalled.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google. After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 bubba888

bubba888
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 13 August 2016 - 02:40 PM

thanks for the suggestions.  here's the stuff you asked for.

 

startup-->windows

Yes    HKCU:Run    ApplePhotoStreams    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Google Update    Google Inc.    "C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes    HKCU:Run    iCloudDrive    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
Yes    HKCU:Run    iCloudServices    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Yes    HKCU:Run    NETGEARGenie    NETGEAR Inc.    "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
Yes    HKCU:Run    ywyjios        rundll32 "C:\Users\dan\AppData\Local\ywyjios.dll",ywyjios
Yes    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    BrMfcWnd    Brother Industries, Ltd.    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
Yes    HKLM:Run    Classic Start Menu    IvoSoft    C:\Program Files\Classic Shell\ClassicStartMenu.exe
Yes    HKLM:Run    ControlCenter3    Brother Industries, Ltd.    C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
Yes    HKLM:Run    Dolby Advanced Audio v2    Dolby Laboratories Inc.    "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
Yes    HKLM:Run    ETDCtrl    ELAN Microelectronics Corp.    %ProgramFiles%\Elantech\ETDCtrl.exe
Yes    HKLM:Run    Fastboot    Lenovo    C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    Intel AppUp(SM) center    Intel Corporation    "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    Lenovo Registration    Lenovo, Inc.    C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
Yes    HKLM:Run    LENOVO.TPKNRRES    Lenovo Group Limited    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
Yes    HKLM:Run    MSC    Microsoft Corporation    "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
Yes    HKLM:Run    PWMTRV        rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
Yes    HKLM:Run    RealDownloader    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Yes    HKLM:Run    RotateImage    Ricoh co.,Ltd.    C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
Yes    HKLM:Run    RtHDVBg_Dolby    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes    HKLM:Run    TkBellExe    RealNetworks, Inc.    "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
Yes    HKLM:Run    TpShocks    Lenovo.    TpShocks.exe
Yes    HKLM:Run    USB3MON    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes    Startup Common    Image Transfer Utility.lnk    CANON INC.    C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
Yes    Startup Common    ImageBrowser EX Agent.lnk        C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
Yes    Startup Common    RealTimes.lnk    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe

 

startup-->scheduled tasks

Yes    Task    Apple Diagnostics    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DiskUpdate        C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe
Yes    Task    G2MUpdateTask-S-1-5-21-852295024-3811623207-348984933-1000    Citrix Online, a division of Citrix Systems, Inc.    C:\Users\dan\AppData\Local\Citrix\GoToMeeting\5387\g2mupdate.exe
Yes    Task    G2MUploadTask-S-1-5-21-852295024-3811623207-348984933-1000    Citrix Online, a division of Citrix Systems, Inc.    C:\Users\dan\AppData\Local\Citrix\GoToMeeting\5387\g2mupload.exe
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskUserS-1-5-21-852295024-3811623207-348984933-1000Core    Google Inc.    C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskUserS-1-5-21-852295024-3811623207-348984933-1000UA    Google Inc.    C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    RealDownloader Update Check    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe /scheduler
Yes    Task    RealDownloaderDownloaderScheduledTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
Yes    Task    RealDownloaderRealUpgradeLogonTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck
Yes    Task    RealDownloaderRealUpgradeScheduledTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck
Yes    Task    RealPlayerRealUpgradeLogonTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealPlayerRealUpgradeScheduledTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes    Task    ReclaimerUpdateFiles_dan        C:\Users\dan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe /UpdateFiles
Yes    Task    ReclaimerUpdateXML_dan        C:\Users\dan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe /UpdateXML
Yes    Task    RNUpgradeHelperLogonPrompt_dan        C:\Users\dan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe /prompt os_boot
Yes    Task    RNUpgradeHelperResumePrompt_dan        C:\Users\dan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe /prompt os_resume
Yes    Task    task mgr    Microsoft Corporation    taskmgr.exe
Yes    Task    {191533A4-D941-4F96-91EB-0ED994F9F56B}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\dan\Documents\ps121v2_v2_0_2\SetupWizard.exe -d C:\Users\dan\Documents\ps121v2_v2_0_2

 

startup-->context window

Yes    Directory    GDContextMenu    Google    C:\Program Files (x86)\Google\Drive\contextmenu64.dll
Yes    File    GDContextMenu    Google    C:\Program Files (x86)\Google\Drive\contextmenu64.dll
Yes    File    Lenovo SimpleTap    Lenovo    C:\Program Files\Lenovo\SimpleTap\shellext64.dll
Yes    File    MBAMShlExt    Malwarebytes    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes    File    NP8ShellExtension    Nitro PDF    C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll
Yes    File    PhotoStreamsExt    Apple Inc.    C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
Yes    File    SugarSync    SugarSync, Inc.    C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll
Yes    File    {4A7C4306-57E0-4C0C-83A9-78C1528F618C}    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll
Yes    Folder    MBAMShlExt    Malwarebytes    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes    Folder    SugarSync    SugarSync, Inc.    C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll

 

startup-->installed programs

Adobe AIR    Adobe Systems Incorporated    9/14/2015        18.0.0.180
Adobe Flash Player 22 NPAPI    Adobe Systems Incorporated    7/16/2016    19.1 MB    22.0.0.209
Adobe Reader XI (11.0.12)    Adobe Systems Incorporated    8/18/2015    236 MB    11.0.12
Amazon Kindle    Amazon    5/16/2016        1.16.0.44025
Apple Application Support (32-bit)    Apple Inc.    6/30/2015    94.2 MB    3.1.3
Apple Application Support (64-bit)    Apple Inc.    6/30/2015    107 MB    3.1.3
Apple Mobile Device Support    Apple Inc.    6/30/2015    27.9 MB    8.1.1.3
Apple Software Update    Apple Inc.    9/18/2013    2.38 MB    2.1.3.127
Bonjour    Apple Inc.    10/12/2013    2.00 MB    3.0.0.10
Brother MFL-Pro Suite MFC-3360C    Brother Industries, Ltd.    9/6/2013        1.0.3.0
CamStudio OSS Desktop Recorder    CamStudio Open Source Dev Team    3/30/2014    14.9 MB    2.6 Beta r294
Canon Utilities CameraWindow DC 8    Canon Inc.    3/12/2014        8.10.0.16
Canon Utilities ImageBrowser EX    Canon Inc.    11/11/2013        1.3.0.5
CCleaner    Piriform    8/13/2016        5.20
Citrix Online Launcher    Citrix    9/11/2015    302 KB    1.0.335
Classic Shell    IvoSoft    8/22/2013    7.07 MB    3.6.8
Corel Burn.Now Lenovo Edition    Corel Corporation    8/8/2013    80.9 MB    4.5.0
Corel DVD MovieFactory Lenovo Edition    Corel Corporation    8/8/2013    318 MB    7.0.0
Corel WinDVD    Corel Inc.    8/8/2013    302 MB    10.0.6.385
Create Recovery Media    Lenovo Group Limited    8/8/2013    8.08 MB    1.20.0.00
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7        8/9/2013        1.00
Dolby Advanced Audio v2    Dolby Laboratories Inc    8/8/2013    12.9 MB    7.2.7000.7
EMET 5.2    Microsoft Corporation    6/2/2015    22.8 MB    5.2
ESET Online Scanner v3        11/6/2014       
Evernote v. 4.2.3    Evernote Corp.    8/8/2013    139 MB    4.2.3.15
ExpressCache    Diskeeper Corporation    8/8/2013    5.13 MB    1.0.82
Google Drive    Google, Inc.    6/1/2016    35.2 MB    1.30.2170.0459
Google Earth    Google    6/24/2015    179 MB    7.1.5.1557
Google Talk Plugin    Google    12/16/2015    15.1 MB    5.41.3.0
GoToMeeting 7.21.0.5387    CitrixOnline    8/11/2016        7.21.0.5387
HP ENVY 7640 series Basic Device Software    Hewlett-Packard Co.    9/9/2015    213 MB    34.2.117.50647
HP ENVY 7640 series Help    Hewlett Packard    9/9/2015    16.2 MB    34.0.0
HP Photosmart Premium C309g-m All-in-One Driver 14.0 Rel. 6    HP    1/27/2015        14.0
HP Update    Hewlett-Packard    9/9/2015    4.04 MB    5.005.002.002
iCloud    Apple Inc.    10/21/2014    90.3 MB    4.0.3.56
Integrated Camera Driver Installer Package Ver.1.2.1.16    RICOH    8/8/2013        1.2.1.16
Intel AppUp(SM) center    Intel    8/9/2013        3.6.1.33057.10
Intel® Control Center    Intel Corporation    8/9/2013        1.2.1.1007
Intel® Management Engine Components    Intel Corporation    8/9/2013        8.0.3.1427
Intel® OpenCL CPU Runtime    Intel Corporation    8/9/2013       
Intel® Processor Graphics    Intel Corporation    8/18/2015        9.17.10.2843
Intel® USB 3.0 eXtensible Host Controller Driver    Intel Corporation    8/9/2013        1.0.4.220
Intel® Trusted Connect Service Client    Intel Corporation    8/8/2013    10.6 MB    1.23.605.1
iTunes    Apple Inc.    6/30/2015    233 MB    12.1.2.27
Lenovo Auto Scroll Utility        9/16/2013        2.02
Lenovo Communications Utility    Lenovo    6/7/2014    17.2 MB    3.1.10.0
Lenovo On Screen Display    Lenovo    4/14/2016    56.0 MB    8.80.05
Lenovo Power Management Driver    Lenovo    8/18/2015    10.2 MB    1.67.10.19
Lenovo Registration    Lenovo Inc.    8/8/2013    4.09 MB    1.0.3
Lenovo SimpleTap    Lenovo Group Limited    8/8/2013    33.4 MB    3.2.0005.00
Lenovo Solution Center    Lenovo    7/14/2016    139 MB    3.3.003.00
Lenovo System Update    Lenovo    6/14/2016    17.6 MB    5.07.0029
Lenovo User Guide    Lenovo Group Limited    8/8/2013    606 KB    1.0.0009.00
Lenovo Warranty Information    Lenovo    8/8/2013    861 KB    1.0.0005.00
Lenovo Welcome    Lenovo Group Limited    8/8/2013    9.23 MB    3.1.0020.00
Malwarebytes Anti-Malware version 2.2.1.1043    Malwarebytes    4/11/2016    66.8 MB    2.2.1.1043
Message Center Plus    Lenovo Group Limited    8/8/2013    3.59 MB    3.1.0004.00
Microsoft .NET Framework 4.5.2    Microsoft Corporation    8/18/2015    38.8 MB    4.5.51209
Microsoft Security Essentials    Microsoft Corporation    2/29/2016        4.9.218.0
Microsoft Silverlight    Microsoft Corporation    6/29/2016    398 MB    5.1.50428.0
Microsoft SkyDrive    Microsoft Corporation    6/20/2014    25.1 MB    16.4.6012.0828
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    8/8/2013    1.69 MB    3.1.0000
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    8/23/2013    298 KB    8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)    Microsoft Corporation    8/8/2013    708 KB    8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    8/8/2013    252 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    8/8/2013    784 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    8/23/2013    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    8/8/2013    596 KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    8/8/2013    228 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    8/8/2013    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    3/21/2015    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    3/21/2015    11.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation    1/22/2016    20.5 MB    11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    2/11/2016    17.3 MB    11.0.61030.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    3/21/2015        10.0.50903
Microsoft Word 2013 - en-us    Microsoft Corporation    7/22/2016        15.0.4841.1002
Mozilla Firefox 47.0 (x86 en-US)    Mozilla    6/11/2016    92.0 MB    47.0
Mozilla Maintenance Service    Mozilla    6/11/2016    341 KB    47.0.0.5999
Mozilla Thunderbird 45.2.0 (x86 en-US)    Mozilla    7/17/2016    83.7 MB    45.2.0
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    8/23/2013    1.27 MB    4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    8/23/2013    1.33 MB    4.20.9876.0
NETGEAR Genie    NETGEAR Inc.    8/21/2014        2.3.1.25
NETGEAR Live Parental Controls Management Utility 2.1.5        5/18/2014        2.1.5
Nitro Pro 8    Nitro    8/8/2013    269 MB    8.0.10.9
OpenOffice 4.0.0    Apache Software Foundation    8/23/2013    342 MB    4.00.9702
Pdf995        4/14/2014        14.2s
Power Manager    Lenovo Group Limited    5/14/2016        6.68.10
RapidBoot HDD Accelerator    Lenovo    8/9/2013        1.00.0802
RapidBoot Shield    Lenovo    8/8/2013    23.3 MB    1.23
RealPlayer (RealTimes)    RealNetworks    6/21/2016    91.7 MB    18.1.4
Realtek Ethernet Controller Driver    Realtek    8/8/2013        7.50.1123.2011
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    8/8/2013        6.0.1.6602
Realtek PCIE Card Reader    Realtek Semiconductor Corp.    8/8/2013        6.1.7601.29011
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7        8/9/2013        1.00
SketchUp 2015    Trimble Navigation Limited    12/6/2014    307 MB    15.1.106
Skype Click to Call    Microsoft Corporation    10/15/2015    13.1 MB    7.5.0.9082
Skype™ 7.17    Skype Technologies S.A.    1/8/2016    79.2 MB    7.17.105
Sonos Controller    Sonos, Inc.    7/2/2015    32.3 MB    28.1.86200
SugarSync Manager    SugarSync, Inc.    8/9/2013        1.9.61.90905
TaxACT 2013 - 1040 Edition    TaxACT, Inc.    4/12/2014       
TaxACT 2013 New York    TaxACT, Inc.    4/12/2014       
TaxAct 2015 1040 Edition    TaxAct, Inc.    3/17/2016        1.06
TaxAct 2015 New York    TaxAct, Inc.    3/17/2016        1.04
ThinkPad UltraNav Driver    ELAN Microelectronic Corp.    8/9/2013        10.4.8.3
ThinkPad Wireless LAN Adapter Software    REALTEK Semiconductor Corp.    8/8/2013        1.00.0031.1
ThinkVantage Active Protection System    Lenovo    8/8/2013    15.9 MB    1.76
VIP Access    VeriSign    8/8/2013    35.8 MB    2.0.5.13
Windows Driver Package - ELAN (ETD) Mouse  (05/16/2012 10.4.8.3)    ELAN    8/9/2013        05/16/2012 10.4.8.3
Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032)    Intel    8/9/2013        11/29/2011 11.0.0.1032
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)    Lenovo    8/9/2013        02/29/2012 1.65.05.20
Windows Live Essentials    Microsoft Corporation    8/8/2013        16.4.3505.0912
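
The ywyjios line in the Windows Startups list above is the shape a defender wants to catch without reading every row by hand: a signed Windows proxy binary (rundll32) loading a DLL from a user-writable directory, with an empty publisher column. As an added example (not code from this thread, from Piriform or from Lenovo), the Python below re-parses a CCleaner "Windows Startups" export in the format pasted here and flags that pattern. Four of the five input lines are copied from the list above; the fifth (updchk) is constructed to show the second rule, a plain executable under the user profile with no publisher.

```python
"""Triage a CCleaner-style startup export for user-level persistence.

Added example for this thread, not code from the thread or from Piriform.
Input columns (as pasted above): enabled, location, name, publisher, command.
Real exports separate columns with tabs; the forum rendered each tab as four
spaces, so an empty publisher shows up as eight spaces in a row.
"""
import re
from dataclasses import dataclass

# Signed system binaries that run whatever file they are pointed at. When the
# file they load sits in a user-writable directory, the entry deserves a look.
PROXY_HOSTS = ("rundll32", "regsvr32", "mshta", "wscript", "cscript")

# Locations a non-admin user can write to. Installers put their autostart
# binaries under Program Files or System32; user-level persistence usually
# cannot, so this path test is the real discriminator below.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\", re.IGNORECASE)

# Launcher token: either a quoted path or the first run of non-space characters.
LAUNCHER = re.compile(r'"([^"]+)"|(\S+)')


@dataclass
class StartupEntry:
    enabled: str
    location: str   # e.g. HKCU:Run, HKLM:Run, Startup Common
    name: str       # the Run value name
    publisher: str  # may be empty: CCleaner shows the file's version-info company
    command: str


def parse_entry(line: str):
    """Split one exported line into its five columns; None if malformed."""
    line = line.rstrip()
    if not line:
        return None
    cols = line.split("\t", 4) if "\t" in line else re.split(r" {4}", line, maxsplit=4)
    if len(cols) != 5:
        return None
    return StartupEntry(*(c.strip() for c in cols))


def parse_entries(text: str):
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def assess(entry: StartupEntry):
    """Return (suspicious, reasons).

    An empty publisher alone is not decisive: the Lenovo PWMTRV entry in the
    thread also lacks one. Only a user-writable path makes an entry suspicious.
    """
    reasons = []
    m = LAUNCHER.match(entry.command)
    launcher = (m.group(1) or m.group(2)) if m else ""
    exe = launcher.rsplit("\\", 1)[-1].lower()
    in_user_dir = bool(USER_WRITABLE.search(entry.command))
    proxied = any(exe.startswith(h) for h in PROXY_HOSTS)
    no_publisher = not entry.publisher

    if proxied and in_user_dir:
        reasons.append(f"{exe} loads a file from a user-writable directory")
    if in_user_dir and no_publisher:
        reasons.append("launcher under the user profile with no publisher")
    if no_publisher:
        reasons.append("no publisher recorded")
    suspicious = (proxied and in_user_dir) or (in_user_dir and no_publisher)
    return suspicious, reasons


def scan(text: str):
    """Map value name -> reasons for every entry judged suspicious."""
    return {e.name: assess(e)[1] for e in parse_entries(text) if assess(e)[0]}


# First four lines copied from the startup list posted in this thread; the
# updchk line is constructed for this example and is not from the thread.
SAMPLE = r"""Yes    HKCU:Run    ApplePhotoStreams    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Yes    HKCU:Run    Google Update    Google Inc.    "C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes    HKCU:Run    ywyjios        rundll32 "C:\Users\dan\AppData\Local\ywyjios.dll",ywyjios
Yes    HKLM:Run    PWMTRV        rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
Yes    HKCU:Run    updchk        C:\Users\dan\AppData\Roaming\updchk\updchk.exe
"""

if __name__ == "__main__":
    for name, why in scan(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

Run against the sample, only ywyjios and the constructed updchk are reported; Google Update lives in AppData\Local too but carries a publisher, and PWMTRV is rundll32 with no publisher but loads from Program Files. The path rule is what separates them, which is why a missing publisher on its own should prompt a closer look rather than a deletion.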
 

 



#5 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 AM

Posted 13 August 2016 - 03:20 PM

This Windows Startup is identified as a trojan....... Yes    HKCU:Run    ywyjios        rundll32 "C:\Users\dan\AppData\Local\ywyjios.dll",ywyjios

See Ransom!AF0D4A477AA9 | Virus Profile & Definition | McAfee Inc.

 

Best to run scans using the programs below. I will offer more suggestions for the lists after the scans are completed and logs are posted by you.

 


Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.


#6 bubba888

bubba888
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 13 August 2016 - 03:33 PM

i saw ywyjios and guessed that it wasn't my friend.... can i just disable / delete with ccleaner?



#7 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 AM

Posted 13 August 2016 - 04:19 PM

You can delete....but I prefer to run those programs first to see if they find it.



#8 bubba888

bubba888
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 13 August 2016 - 05:15 PM

deleted it, just for fun.

after i shut down protection s/w in the above, when do i get to restart it?


# AdwCleaner v6.000 - Logfile created 13/08/2016 at 17:58:17
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-13.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : dan - CORK
# Running from : C:\Users\dan\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****

[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\Users\dan\AppData\Local\Downloaded Installers


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKU\S-1-5-21-852295024-3811623207-348984933-1000\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-852295024-3811623207-348984933-1000\Software\SoftSuma
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\SoftSuma
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1507 Bytes] - [13/08/2016 17:58:17]
C:\AdwCleaner\AdwCleaner[R0].txt - [6397 Bytes] - [06/11/2014 15:38:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [6578 Bytes] - [06/11/2014 15:41:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [1846 Bytes] - [13/08/2016 17:57:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1799 Bytes] ##########
 



#9 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 AM

Posted 13 August 2016 - 06:06 PM

Any security program you shut down to run JRT you can restart after the scan and reboot...if necessary...is complete. It wouldn't be a bad idea to leave Security Essentials shut down until Eset finishes its scan.

 

I'm a bit surprised that MBAM didn't find that trojan.....it is listed among the 30 or so programs that does find it.

 

If you haven't started the Eset scan...you can uninstall Lenovo Solution Center    Lenovo    7/14/2016    139 MB    3.3.003.00 which will likely take care of the original problem. I think Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe in your Windows Startups is part of that program. You can disable or delete it if the uninstall doesn't remove it.


Edited by buddy215, 14 August 2016 - 05:00 AM.


#10 bubba888

bubba888
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:09:03 AM

Posted 14 August 2016 - 11:36 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x64
Ran by dan (Administrator) on Sun 08/14/2016 at 12:24:14.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 49

Successfully deleted: C:\Users\dan\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0S8KEG8H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NIVA30V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GY2UJJJ (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/14/2016 at 12:25:43.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#11 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 AM

Posted 14 August 2016 - 12:18 PM

Suggest Disabling these Startups:

Yes    HKCU:Run    ApplePhotoStreams    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    iCloudDrive    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
Yes    HKCU:Run    iCloudServices    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Yes    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    BrMfcWnd    Brother Industries, Ltd.    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
Yes    HKLM:Run    ControlCenter3    Brother Industries, Ltd.    C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
Yes    HKLM:Run    Fastboot    Lenovo    C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    Intel AppUp(SM) center    Intel Corporation    "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    Lenovo Registration    Lenovo, Inc.    C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
Yes    HKLM:Run    RealDownloader    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Yes    HKLM:Run    TkBellExe    RealNetworks, Inc.    "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
Yes    Startup Common    Image Transfer Utility.lnk    CANON INC.    C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
Yes    Startup Common    ImageBrowser EX Agent.lnk        C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
Yes    Startup Common    RealTimes.lnk    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe

 

Disable these Tasks:

Yes    Task    Apple Diagnostics    Apple Inc.    C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Yes    Task    G2MUpdateTask-S-1-5-21-852295024-3811623207-348984933-1000    Citrix Online, a division of Citrix Systems, Inc.    C:\Users\dan\AppData\Local\Citrix\GoToMeeting\5387\g2mupdate.exe
Yes    Task    G2MUploadTask-S-1-5-21-852295024-3811623207-348984933-1000    Citrix Online, a division of Citrix Systems, Inc.    C:\Users\dan\AppData\Local\Citrix\GoToMeeting\5387\g2mupload.exe
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskUserS-1-5-21-852295024-3811623207-348984933-1000Core    Google Inc.    C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskUserS-1-5-21-852295024-3811623207-348984933-1000UA    Google Inc.    C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    RealDownloader Update Check    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe /scheduler
Yes    Task    RealDownloaderDownloaderScheduledTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
Yes    Task    RealDownloaderRealUpgradeLogonTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /logoncheck
Yes    Task    RealDownloaderRealUpgradeScheduledTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe /scheduledcheck
Yes    Task    RealPlayerRealUpgradeLogonTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
Yes    Task    RealPlayerRealUpgradeScheduledTaskS-1-5-21-852295024-3811623207-348984933-1000    RealNetworks, Inc.    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
Yes    Task    ReclaimerUpdateFiles_dan        C:\Users\dan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe /UpdateFiles
Yes    Task    ReclaimerUpdateXML_dan        C:\Users\dan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe /UpdateXML
Yes    Task    RNUpgradeHelperLogonPrompt_dan        C:\Users\dan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe /prompt os_boot
Yes    Task    RNUpgradeHelperResumePrompt_dan        C:\Users\dan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe /prompt os_resume
Yes    Task    {191533A4-D941-4F96-91EB-0ED994F9F56B}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\dan\Documents\ps121v2_v2_0_2\SetupWizard.exe -d C:\Users\dan\Documents\ps121v2_v2_0_2

NOTE: This item......Yes    Task    task mgr    Microsoft Corporation    taskmgr.exe......I've not seen in a list of Tasks before. I will ask one of our staff about this.

 

Uninstall these programs:

Adobe AIR    Adobe Systems Incorporated    9/14/2015        18.0.0.180
Adobe Reader XI (11.0.12)    Adobe Systems Incorporated    8/18/2015    236 MB    11.0.12 (UNinstall or update)
ESET Online Scanner v3        11/6/2014      (this is an old version....did it update before you scanned with it?)
Lenovo Solution Center    Lenovo    7/14/2016    139 MB    3.3.003.00
Message Center Plus    Lenovo Group Limited    8/8/2013    3.59 MB    3.1.0004.00
Mozilla Firefox 47.0 (x86 en-US)    Mozilla    6/11/2016    92.0 MB    47.0 (UNinstall or UPdate...Open FF > Help > About > Update)
Skype Click to Call    Microsoft Corporation    10/15/2015    13.1 MB    7.5.0.9082


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
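As an added example (not code posted in this thread, and not part of any tool used in it), the PowerShell below reads the same three autostart sources the moderator's lists come from, the HKCU/HKLM Run keys, the all-users Startup folder and the Task Scheduler, and prints them in the same Location / Name / Command layout, so the poster can confirm which entries are still enabled after disabling them. It uses schtasks.exe instead of Get-ScheduledTask because that cmdlet does not exist on Windows 7, and it assumes the English column name "Task To Run" in schtasks' verbose CSV output; the BarePath column marks commands given without a directory (like the "task mgr" entry running a bare taskmgr.exe that the moderator queried), which are resolved through the search path at launch and are worth locating on disk before trusting.

```powershell
# Added example, not from the thread. Inventories Run keys, the common Startup folder
# and scheduled tasks in the post's Location / Name / Command layout.
function Test-BarePathCommand {
    param([string]$Command)
    # First token of the command line, with surrounding quotes removed.
    if ($Command -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command.Trim() -split '\s+')[0] }
    # No directory separator: the name is resolved through the search path at launch.
    return -not ($exe -match '[\\/]')
}

function Get-AutostartInventory {
    $rows = @()
    $runKeys = @(
        @{ Label = 'HKCU:Run'; Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' },
        @{ Label = 'HKLM:Run'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' },
        @{ Label = 'HKLM:Run'; Path = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' }
    )
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k.Path)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k.Path).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the registry provider's own properties
            $rows += New-Object PSObject -Property @{ Location = $k.Label; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # All-users Startup folder shortcuts ("Startup Common" in the post); resolve each .lnk target
    $shell = New-Object -ComObject WScript.Shell
    $common = [Environment]::GetFolderPath('CommonStartup')
    foreach ($lnk in (Get-ChildItem -Path $common -Filter *.lnk -ErrorAction SilentlyContinue)) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        $rows += New-Object PSObject -Property @{ Location = 'Startup Common'; Name = $lnk.Name; Command = ("{0} {1}" -f $sc.TargetPath, $sc.Arguments).Trim() }
    }
    # Scheduled tasks (what taskeng.exe launches). schtasks repeats its CSV header per task
    # folder, so rows whose TaskName is literally 'TaskName' are dropped.
    foreach ($t in (schtasks.exe /query /fo CSV /v | ConvertFrom-Csv)) {
        if ($t.TaskName -eq 'TaskName' -or -not $t.'Task To Run') { continue }
        $rows += New-Object PSObject -Property @{ Location = 'Task'; Name = $t.TaskName; Command = $t.'Task To Run' }
    }
    $rows | ForEach-Object {
        $_ | Add-Member -MemberType NoteProperty -Name BarePath -Value (Test-BarePathCommand $_.Command) -PassThru
    } | Select-Object Location, Name, Command, BarePath
}

Get-AutostartInventory | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt to see machine-wide tasks as well as the user's own; entries that were disabled in the Run keys disappear from the output, while disabled scheduled tasks still appear and are distinguished by schtasks' Status column if you add it to the Select-Object list.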

#12 bubba888

bubba888
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:09:03 AM

Posted 14 August 2016 - 01:22 PM

ESET results

C:\xxx\tempd\PS_AIO_06_C309g-m_USW_Full_Win_WW_140_175-4.exe    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
 

i'd like to click the "delete quarantined" box before "finish" -- ok?



#13 bubba888

bubba888
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:09:03 AM

Posted 14 August 2016 - 01:23 PM

tx v.much for your help!  so far, things seem to be running leaner & faster.



#14 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 AM

Posted 14 August 2016 - 01:35 PM

Hopefully your original problem of excessive cpu usage is solved. If not, please let me know. You're welcome.

 

Uninstalling Eset or deleting the quarantine files should both do what you want.



#15 bubba888

bubba888
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:09:03 AM

Posted 14 August 2016 - 01:46 PM

yes, i'm pretty sure that ESET updated
