I'm getting Adware Pop-Ups Hijack Chrome Browser; Win 7 Tool finds Corrupt Files



#1 musicbrain


Posted 18 February 2017 - 07:10 PM

I have had multiple problems, & Moderator Hamluis felt this should be transferred to Am I Infected, thinking the problems are Virus or Malware related.

 

----- Adware Popups in Chrome that lock the browser & greatly increase memory usage.  Have to force quit browser to get rid of Adware Popup.

----- McAfee seems to get involved, as one of its processes, McClientAnalytics.exe, will start using huge amounts of RAM, up to 2.5 GB.  If I remember correctly, also mcshield.exe is another process that can ramp up memory usage hugely.  Uninstalled it; reinstalled it.  No difference.  Part of the time I can't bring McAfee up by clicking on it in taskbar or in programs; other times it will come up. Also, odd thing happened the first time this problem occurred.  If I clicked little up arrow, rt. end of taskbar, McAfee logo shows, when I clicked on it, it tells me "An update is being installed.  Please wait until the McAfee is finished with the installation."  BUT nothing happens at all. 45 min. later same message; task mgr has barely any activity showing under Performance tab graph.  Shutting down & restarting, McAfee will launch again.  Last night after reinstalling it, I ran a complete virus scan, which found nothing.  I have run multiple Malwarebytes scans that found nothing.

 

----- Chrome uninstalled & reinstalled (though it leaves files in C: that I deleted, but they return immediately, & this is while Chrome is still uninstalled).  Reinstall, Chrome remembers all my bookmarks & preferences. Same Adware pops up after certain amount of time.  Tabs can be stable, but at times a tab may disappear on its own.  Sometimes, typing in the URL, www., it simply fills in a site I've been to before w/o me choosing it.

 

I had followed Moderator's detailed instructions - ran MTB.  Could not paste results, as results go into Notepad & are too long.  Found I could save the Notepad file, & then add it as an attachment. Moderator embedded it into whole post (it is below) & deleted the attachment.

 

Please see all below, and I NEED HELP!

 

 

Mod Edit:  Pasted content of deleted attachment into post - Hamluis.

MiniToolBox by Farbar  Version: 17-06-2016
Ran by lambie (administrator) on 16-02-2017 at 22:58:40
Running from "C:\Users\lambie\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: 810-145qe Manufacturer: Hewlett-Packard

Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/16/2017 08:10:07 AM) (Source: HP Active Health) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/16/2017 12:47:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x1bbc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/16/2017 12:32:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x1d54
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/11/2017 12:05:46 PM) (Source: HP Active Health) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/08/2017 09:29:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x18d4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/08/2017 01:25:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x2650
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/07/2017 11:56:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x1f94
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/04/2017 02:14:41 PM) (Source: HP Active Health) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/04/2017 01:33:14 AM) (Source: HP Active Health) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it


Error: (02/04/2017 01:26:57 AM) (Source: AVLogEvent) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014


System errors:
=============
Error: (02/16/2017 10:51:26 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (02/16/2017 10:51:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/16/2017 10:51:26 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/16/2017 10:51:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/16/2017 10:51:23 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/16/2017 10:51:23 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/16/2017 10:51:22 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/16/2017 10:51:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/16/2017 10:51:21 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/16/2017 10:51:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Microsoft Office Sessions:
=========================
Error: (02/16/2017 08:10:07 AM) (Source: HP Active Health)(User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/16/2017 12:47:34 AM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec831bbc01d288205df2cb baC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllcb787547-f413-11e6-ac15-90489ad57630

Error: (02/16/2017 12:32:46 AM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec831d5401d28817dadc8a f4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllb9db97bf-f411-11e6-ac15-90489ad57630

Error: (02/11/2017 12:05:46 PM) (Source: HP Active Health)(User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/08/2017 09:29:24 PM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec8318d401d282413 e81f7fcC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllf3810d67-ee77-11e6-b355-90489ad57630

Error: (02/08/2017 01:25:45 AM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec83265001d281d0a6 841f0cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllcda69822-edcf-11e6-89c4-90489ad57630

Error: (02/07/2017 11:56:25 PM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec831f9401d281b1e4e2 513cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll52ce1abe-edc3-11e6-89c4-90489ad57630

Error: (02/04/2017 02:14:41 PM) (Source: HP Active Health)(User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/04/2017 01:33:14 AM) (Source: HP Active Health)(User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (02/04/2017 01:26:57 AM) (Source: AVLogEvent)(User: NT AUTHORITY)
Description: a7f42014

CodeIntegrity Errors:
===================================
  Date: 2016-01-19 20:37:17.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-19 20:37:17.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================
. . . (HKLM\...\{DCAFF63A-A26F-4809-A00D-27AD6733ACB3}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{C7B0C705-9987-44A2-B495-4101DAEDBFE0}) (Version: 2.6.2.4 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{99D7329A-44AA-4D40-AA8D-0F5783C38B76}) (Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MF Scan Utility (HKLM-x32\...\Canon_MF_Scan_Utility) (Version: 1.2.0.0 - CANON INC.)
Canon MF Toolbox 4.9.1.1.mf18 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf18 - CANON INC.)
Canon MF220 Series (HKLM\...\{33A079E0-BF49-4E97-9293-3EDDA6D130A4}) (Version: 4.5.0.0 - CANON INC.)
Canon MF240 Series (HKLM\...\{31DCD678-B363-43B7-AF3D-258D7376A129}) (Version: 5.2.0.0 - CANON INC.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3907 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
E-TRADE Pro 1.12 (HKLM-x32\...\4285-0367-3118-9779) (Version: 1.12 - E*TRADE Financial)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{C869E3D3-23D3-4102-A5C5-3D33448FC613}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.135 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.7165.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
NVIDIA 3D Vision Driver 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 345.20 - NVIDIA Corporation)
NVIDIA Graphics Driver 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{B1D45D48-A4D4-495F-A693-681EA9846754}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Ralink Bluetooth Stack64 (HKLM\...\{66C75C3D-11A0-E560-B1EC-0AC14B6012E3}) (Version: 9.0.730.1 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.33.1 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6704 - CyberLink Corp.) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.2.0.0 - CANON INC.)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.1 - Tweaking.com)
WD Quick View (HKLM-x32\...\{CF54EA13-0BA9-426A-A296-D108C9DBEFF3}) (Version: 2.4.13.7 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6E80972C-C76A-4CFB-AD8E-003BF777B7AA}) (Version: 2.4.13.7 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{30d59263-cfde-4ddb-9021-e280187620b2}) (Version: 2.4.13.7 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

========================= Memory info: ===================================
Percentage of memory in use: 36%
Total physical RAM: 8145.29 MB
Available physical RAM: 5144.38 MB
Total Virtual: 16288.76 MB
Available Virtual: 13230.12 MB

========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:1852.8 GB) (Free:1787.04 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.98 GB) (Free:1.22 GB) NTFS
4 Drive f: () (Removable) (Total:3.74 GB) (Free:3.31 GB) FAT32
5 Drive g: () (Removable) (Total:14.9 GB) (Free:0.79 GB) FAT32

========================= Users: ========================================
User accounts for \\TIGER
Administrator            Guest                    lambie                   


**** End of log ****
 

 

http://speccy.piriform.com/results/qiEvS0JwNHz6h7MybKmXlsS

 

_____________________________________________________________________

Reply from HAMLUIS:

 

I see no evidence of "high memory usage" in the Speccy data.  It's normal for a browser to have anything from 100MB of peak RAM usage, with more usage reflected with each browser window open.  It's normal for an installed AV program to use somewhere around 300MB usage as it does what it's supposed to do.  Your reflected usage for these items is not abnormal.

 

You do have a svchost process reflecting 600MB peak RAM usage...which, IMO, should never be a showstopper for a 64-bit system with 8GB RAM installed.  You can investigate that process, if you like, by using a tool from Tweaking.com, Svchost.exe Tool.  Just double click the downloaded file and then click the refresh button at upper left...the result will show you what is running behind the servicehost processes.

 

In short...I see no evidence of high memory usage and I would look in other directions.

 

Hard drive SMART values look OK to me...no evidence of overheating with either the hard drive or the CPU.

 

Looking at the Event Viewer errors...McAfee and the security warning are flags for me.

 

I would move this topic to Am I Infected for a malware check...based on the absence of flags pointing in a different direction.

 

Louis

____________________________________________________________________________________________________

 

MY REPLY:

 

MORE DISCOVERIES: My McAfee Security Suite that I uninstalled (showing it was using 2.4G in one of the processes in Task Manager), when I reinstalled it, everything was fine. Then, later, the new install did the SAME thing - showing a similar huge usage figure. AND it locked up the computer. I could not access the browser I had opened, Chrome, nor could I close Chrome, nor could I access, again, McAfee, as clicking it would not bring anything up.

I had to force quit to shut down. Then, I restarted the computer, and now McAfee was working and not using such excessive memory. However, during the day, when I was opening a new tab, I noticed that the URL in Chrome, as I typed www. was automatically bringing up the URL for wunderground.com with long extensions of the URL to bring me to the exact URL I access for my city, etc.

Then, suddenly a Malware or Virus message came up, which I have attached to this reply.

So, it appears to me that there is malware or a virus on my computer that needs to be found & removed. Why Malwarebytes doesn't find anything, nor does McAfee prevent this from happening, I don't know.

Please look at the screenshots I've attached. The one is clearly a Malware, Spyware popup & you have to force quit the browser to avoid HAMLUIS felt after looking at all the MTB & Speccy stuff I ran & pasted, he noted that McAfee seemed to be showing many errors in the EVENT LOG ERRORS, which you can view embedded right in this post.

Please help me, as I don't know how to rid my computer of infection, w/o paying someone. I've also experienced that when I got HP to provide a free, normally-charged $100 for, SmartFriend software service, that half these techs are incompetent. The tech installed CCleaner, BleepingComputer, ADWWare, & other programs, some of which I am not sure were safe, & simply RACED like mad, doing all sorts of things, and I believe he may have screwed with my Windows registry.

Thanks so much.

NOTE: I EDITED THIS WITH ADDITIONAL STEPS I TOOK BELOW, and the discovery of corrupt files in Windows 7. I would doubt this has anything to do with the McAfee issues Hamluis saw in my EventViewer results. But, as you can see below, I took Hamluis' suggestion I run Svchost.exe tool, which I ran per Microsoft's instructions from their Forums, and I can't fix these, as you will read below.
_______________________________________________________________________________________________

I ran the Svc.exe. I have W7Pro. I followed all the instructions, & I found that they DON'T work.


Here's what I did, per instructions, on command prompt, & I'm copying, verbatim, what responses I got, & my entries per instructions from the Microsoft Forum.

_____________________________________________________________________


C:\windows\system32>sfc /scannow


Beginning system scan. This process will take some time.


Beginning verification phase of system scan.

Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some of them.

Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example

C:\Windows\Logs\CBS\CBS.log


C:\windows/system32>findstr /c:"ESRI" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

___________________________________________________________________



So, I made two entries:

sfc /scannow

findstr /c:"ESRI" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"


You can see from my "findstr" entry, that I received no response; just another command prompt.

When I then read how I am supposed to fix the corrupt files; it makes no sense. First, how can this process expect that the user would have another computer with W7 on it? I don't, nor does anyone I know. Second, it does not tell you the actual process of HOW to actually get the uncorrupted files, even if one had another W7 computer to get them from. But, this is meaningless, b/c I have NO way to get another W7 computer, & it is ridiculous to expect someone to be able to do so. You don't find W7 computers in any libraries. You can't even BUY one. Third, the directions do not tell you where or how you actually replace your corrupted files with the uncorrupted ones.


I have Windows 7 Pro discs from HP, but I don't believe they will do me any good, unless I completely reinstall W7Pro, which I want to avoid at all costs. I already went through this when my hard drive was failing, & it was a nightmare I don't want to go through again.
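
The CBS.log filtering step from the post above, as an added example that is not part of the original post or of Microsoft's instructions: SFC writes its entries to CBS.log with the literal tag [SR], and findstr /c: is a literal substring match, so a filter on any other string (such as the "ESRI" typed above) normally selects nothing, and with output redirected to sfcdetails.txt the prompt stays silent either way. The log lines and the example.dll component below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed CBS.log excerpt for illustration; not taken from the poster's machine.
SAMPLE_CBS_LOG = '''
2017-02-16 22:31:05, Info                  CBS    Starting TrustedInstaller initialization.
2017-02-16 22:40:11, Info                  CSI    000002f1 [SR] Verifying 100 (0x0000000000000064) components
2017-02-16 22:40:11, Info                  CSI    000002f2 [SR] Beginning Verify and Repair transaction
2017-02-16 22:40:14, Info                  CSI    000002f4 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-02-16 22:40:15, Info                  CSI    000002f6 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-02-16 22:40:19, Info                  CSI    000002f9 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Constructed-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2017-02-16 22:40:21, Info                  CSI    000002fb [SR] Verify complete
2017-02-16 22:41:02, Info                  CBS    Ending TrustedInstaller finalization.
'''.strip()

# Tag that System File Checker puts on its own CBS.log entries.
SR_TAG = "[SR]"

# Matches the entries SFC writes for files it found corrupt but could not restore.
# Captures the file name, the owning component and the trailing reason text.
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)"'
    r' of (?P<component>[^,]+),.*?,\s*(?P<reason>[^,]+)$'
)


def filter_literal(log_text, needle):
    """Keep lines containing the literal string, as findstr /c:"needle" does
    (case-sensitive, no regular-expression interpretation)."""
    return [line for line in log_text.splitlines() if needle in line]


def unrepaired_files(log_text):
    """Return {(file, component): reason} for every unrepairable file.

    SFC usually logs the same file more than once per scan, so keying on
    (file, component) collapses the repeats into one entry.
    """
    found = {}
    for line in filter_literal(log_text, SR_TAG):
        match = CANNOT_REPAIR.search(line)
        if match:
            key = (match["file"], match["component"].strip())
            found[key] = match["reason"].strip()
    return found


def summarize(log_text):
    """Build a short human-readable report of what SFC could not fix."""
    files = unrepaired_files(log_text)
    if not files:
        return "No '[SR] Cannot repair member file' entries found."
    rows = [f"{name}  ({component}): {reason}"
            for (name, component), reason in sorted(files.items())]
    return "\n".join([f"{len(files)} file(s) SFC could not repair:"] + rows)


if __name__ == "__main__":
    # A filter on the wrong literal selects nothing; the [SR] tag selects SFC's lines.
    print(len(filter_literal(SAMPLE_CBS_LOG, "ESRI")), "line(s) match 'ESRI'")
    print(len(filter_literal(SAMPLE_CBS_LOG, SR_TAG)), "line(s) match '[SR]'")
    print(summarize(SAMPLE_CBS_LOG))
```

On a real system the input would be the contents of %windir%\Logs\CBS\CBS.log, read from an elevated session; the file names it reports are the ones to compare against a known-good copy of the same Windows version.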


