
Am I Infected? What do I need to do?


27 replies to this topic

#16 karlderzzy


Posted 15 April 2018 - 08:45 PM

Here is the Adware file.

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-15.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-15-2018
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 24
# Failed: 2

***** [ Services ] *****
Deleted Update service
***** [ Folders ] *****
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\AndersonB\AppData\Local\slimware utilities inc
***** [ Files ] *****
Deleted C:\Windows\System32\drivers\swdumon.sys
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5FD3A8DC-D978-47BD-9300-FFAA135E91A8}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{737E3B99-2016-44C4-8AFF-9BBD098FDD2C}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9E740258-E572-4AFF-B9CB-B75D6C2F43E0}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6EB79222-36ED-4271-AFCA-AB2BB2899C30}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D878DF79-8A1F-45CA-96E7-9604FC0DC1C7}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EB3962D4-5136-4A8F-8F5A-CAC771E6C682}
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qq.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mp.weixin.qq.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qq.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mp.weixin.qq.com
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\csnpe-nslsc.cibletudes-canlearn.ca
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\csnpe-nslsc.cibletudes-canlearn.ca
Deleted HKCU\Software\SlimWare Utilities Inc
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\free-5kplayer.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\free-5kplayer.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted Ask
Not Deleted AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



#17 karlderzzy


Posted 16 April 2018 - 10:47 AM

Sophos is not picking anything up. They also did not give me a log file. I have rerun the adware and there is still one PUP that won't go to quarantine. I have attached it here.

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-16.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-16-2018
# Duration: 00:00:02
# OS:       Windows 10 Pro
# Cleaned:  0
# Failed:   1

***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Not Deleted   HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\csnpe-nslsc.cibletudes-canlearn.ca
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C05].txt ##########


#18 Broni


Posted 16 April 2018 - 12:42 PM

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#19 karlderzzy


Posted 16 April 2018 - 12:52 PM

I do not think my computer is clean. There is something still remotely accessing my computer. Can I attach pictures in here? I want to show you the reason why I think this. Also my CPU usage is always at 100% still.



#20 Broni


Posted 16 April 2018 - 01:00 PM

Go ahead and give me a picture....
 
Also...
 
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
NOTE. Windows Vista, 7, 8 and 10 users right click on procexp.exe, click "Run As Administrator".
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Paste the content into your next reply.



 


#21 karlderzzy


Posted 16 April 2018 - 01:22 PM

http://db.tt/NQD9zNnmuz



#22 karlderzzy


Posted 16 April 2018 - 01:28 PM

 PID Description Company Name Command Line
System Idle Process 71.09 52 K 8 K 0   
System 0.94 152 K 148 K 4   
 Interrupts 0.36 0 K 0 K n/a Hardware Interrupts and DPCs  
 smss.exe  460 K 1,048 K 368   
 Memory Compression  396 K 66,356 K 2092   
csrss.exe  1,664 K 4,872 K 568   
wininit.exe  1,288 K 5,992 K 696   
 services.exe  5,256 K 9,740 K 748   
  svchost.exe  924 K 3,588 K 908 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
  svchost.exe  10,732 K 26,720 K 928 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
   unsecapp.exe  1,356 K 6,368 K 4868   
   WmiPrvSE.exe  6,588 K 14,948 K 4884   
   WmiPrvSE.exe  2,908 K 9,052 K 5088   
   ShellExperienceHost.exe Suspended 30,148 K 64,128 K 3212 Windows Shell Experience Host Microsoft Corporation "C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
   SearchUI.exe Suspended 88,152 K 85,308 K 8416 Search and Cortana application Microsoft Corporation "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
   RuntimeBroker.exe  7,612 K 13,104 K 8528 Runtime Broker Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe -Embedding
   RuntimeBroker.exe < 0.01 6,484 K 21,528 K 7140 Runtime Broker Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe -Embedding
   ApplicationFrameHost.exe  14,996 K 31,424 K 9312 Application Frame Host Microsoft Corporation C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
   MicrosoftEdge.exe 0.05 33,312 K 87,188 K 9348 Microsoft Edge Microsoft Corporation "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
   browser_broker.exe  4,828 K 27,924 K 9492 Browser_Broker Microsoft Corporation C:\WINDOWS\system32\browser_broker.exe -Embedding
   RuntimeBroker.exe  2,868 K 14,608 K 9652 Runtime Broker Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe -Embedding
   MicrosoftEdgeCP.exe  6,268 K 23,488 K 9756 Microsoft Edge Content Process Microsoft Corporation "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
   RuntimeBroker.exe  2,260 K 12,044 K 10060 Runtime Broker Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe -Embedding
   dllhost.exe  2,460 K 10,460 K 9596 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
   MicrosoftEdgeCP.exe 0.11 143,656 K 175,760 K 10600 Microsoft Edge Content Process Microsoft Corporation "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
   MicrosoftEdgeCP.exe  5,836 K 24,180 K 7644 Microsoft Edge Content Process Microsoft Corporation "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
   RuntimeBroker.exe  8,196 K 30,720 K 1588 Runtime Broker Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe -Embedding
   smartscreen.exe  23,524 K 38,304 K 10280 Windows Defender SmartScreen Microsoft Corporation C:\Windows\System32\smartscreen.exe -Embedding
   RuntimeBroker.exe  7,560 K 27,940 K 1212 Runtime Broker Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe -Embedding
   Dropbox.UWP.exe < 0.01 47,104 K 110,176 K 7356 Dropbox.UWP  "C:\Program Files\WindowsApps\C27EB4BA.Dropbox_5.3.0.0_x64__xbfy0k16fey96\Dropbox.UWP.exe" -ServerName:App.AppX8ng0344bf27yx8cacwkpsmscb31efmth.mca
   MicrosoftEdgeCP.exe  54,124 K 100,276 K 9796 Microsoft Edge Content Process Microsoft Corporation "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
   MicrosoftEdgeCP.exe  5,852 K 26,088 K 9048 Microsoft Edge Content Process Microsoft Corporation "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
   MicrosoftEdgeCP.exe < 0.01 5,908 K 26,108 K 9220 Microsoft Edge Content Process Microsoft Corporation "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  svchost.exe 0.08 6,980 K 13,168 K 1016 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k RPCSS -p
  svchost.exe  2,164 K 7,080 K 344 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
  svchost.exe  1,652 K 6,476 K 1116 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
  svchost.exe  4,820 K 7,096 K 1124 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService -p
  svchost.exe  3,004 K 11,604 K 1148 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService -p
  svchost.exe  2,100 K 9,232 K 1180 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p
  svchost.exe  2,316 K 7,068 K 1264 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe  3,764 K 12,372 K 1272 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe  17,172 K 12,688 K 1284 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe  1,716 K 5,652 K 1368 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
  svchost.exe  2,976 K 7,764 K 1380 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService -p
  svchost.exe  1,888 K 7,372 K 1388 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService -p
  svchost.exe  1,900 K 11,288 K 1436 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe  4,272 K 11,420 K 1576 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k NetworkService -p
  svchost.exe  1,728 K 7,688 K 1644 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p
   ctfmon.exe  3,292 K 13,912 K 9020   
   TabTip.exe 0.12 7,552 K 19,560 K 9036   
    TabTip32.exe  1,408 K 4,652 K 9132   
  svchost.exe  1,856 K 7,872 K 1752 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  2,732 K 11,076 K 1760 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  1,924 K 7,108 K 1768 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
   dasHost.exe  3,808 K 12,844 K 2492   
  svchost.exe  9,880 K 15,400 K 1812 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
  svchost.exe  2,012 K 6,452 K 1824 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs -p
  svchost.exe  3,224 K 9,328 K 1896 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService -p
  svchost.exe < 0.01 2,808 K 12,148 K 1928 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
  svchost.exe  1,272 K 5,700 K 1936 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs -p
  svchost.exe  2,196 K 8,828 K 2068 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
   sihost.exe  7,620 K 31,940 K 7392 Shell Infrastructure Host Microsoft Corporation sihost.exe
  svchost.exe  1,872 K 7,680 K 2104 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p
  svchost.exe  1,720 K 8,928 K 2112 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService -p
  svchost.exe  2,292 K 7,416 K 2144 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe  6,088 K 14,744 K 2168 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
   taskhostw.exe  9,660 K 19,768 K 7568 Host Process for Windows Tasks Microsoft Corporation taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
   taskhostw.exe  5,476 K 16,616 K 1800   
   GoogleUpdate.exe  1,984 K 256 K 7596   
  svchost.exe  2,864 K 11,460 K 2324 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe 0.15 5,760 K 13,420 K 2388 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k appmodel -p
  svchost.exe  1,724 K 5,908 K 2500 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe  2,232 K 8,840 K 2516 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k NetworkService -p
  WUDFHost.exe  2,160 K 7,740 K 2556   
  svchost.exe  6,472 K 15,812 K 2628 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
  svchost.exe  2,304 K 8,892 K 2656 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  WUDFHost.exe  3,376 K 11,616 K 2696   
  svchost.exe  2,200 K 11,544 K 2784 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs -p
  svchost.exe  1,536 K 6,484 K 2888 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs -p
  spoolsv.exe  6,872 K 16,216 K 2976 Spooler SubSystem App Microsoft Corporation C:\WINDOWS\System32\spoolsv.exe
  svchost.exe  1,724 K 6,656 K 1976 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
  svchost.exe  8,524 K 16,156 K 2176 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  2,596 K 6,900 K 2564 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  3,392 K 11,356 K 3100 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k NetSvcs -p
  armsvc.exe  1,380 K 6,344 K 3240 Adobe Acrobat Update Service Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
  AdobeUpdateService.exe < 0.01 1,540 K 6,428 K 3276 Adobe Update Service Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"
  AGSService.exe < 0.01 2,328 K 10,596 K 3284 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
  OfficeClickToRun.exe  14,864 K 25,972 K 3292 Microsoft Office Click-to-Run (SxS) Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
  svchost.exe  2,948 K 7,712 K 3312 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
  ERAAgent.exe < 0.01 25,120 K 41,268 K 3348 ESET Remote Administrator Agent Module ESET "C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe"
  IntelCpHDCPSvc.exe  1,480 K 6,852 K 3356 Intel HD Graphics Drivers for Windows® Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\64gh4811.inf_amd64_f02d96a3e7a6ed57\IntelCpHDCPSvc.exe
  ekrn.exe 0.01 176,912 K 94,180 K 3368 ESET Service ESET "C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe"
   egui.exe < 0.01 20,172 K 20,416 K 7376 ESET Main GUI ESET "C:\Program Files\ESET\ESET Endpoint Security\egui.exe" /hide
  FoxitConnectedPDFService.exe 0.03 3,628 K 13,716 K 3384 Foxit Reader ConnectedPDF Windows Service. Foxit Software Inc. "C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe"
  svchost.exe  7,888 K 20,152 K 3428 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k utcsvc -p
  hasplms.exe 0.04 21,208 K 12,180 K 3460 Sentinel LDK License Manager Service SafeNet Inc. C:\WINDOWS\system32\hasplms.exe -run
  IntelAudioService.exe  16,596 K 12,320 K 3468 IntelAudioService Intel C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe
  MBAMService.exe < 0.01 61,144 K 48,380 K 3512 Malwarebytes Service Malwarebytes "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
   mbamtray.exe < 0.01 18,308 K 28,032 K 7360 Malwarebytes Tray Application Malwarebytes "C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
  svchost.exe  13,112 K 17,536 K 3528 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p
  B1ClientAgent.exe  15,648 K 16,992 K 3636 SAP Business One Client Agent SAP "C:\Program Files (x86)\SAP\SAP Business One Client Agent\B1ClientAgent.exe"
  svchost.exe  1,568 K 6,196 K 3692 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService -p
  SecurityHealthService.exe  4,524 K 14,124 K 3764 Windows Security Health Service Microsoft Corporation C:\WINDOWS\system32\SecurityHealthService.exe
  svchost.exe  1,848 K 7,324 K 3776 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
  SurfaceDtxService.exe  1,028 K 4,492 K 3784 Surface DTX Service Microsoft Corporation C:\WINDOWS\system32\SurfaceDtxService.exe
  SurfaceUsbHubFwUpdateService.exe  1,596 K 5,612 K 3812 Surface Usb Hub Firmware Update Service Microsoft Corporation C:\WINDOWS\System32\SurfaceUsbHubFwUpdateService.exe
  svchost.exe  1,256 K 5,448 K 3872 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p
  svchost.exe  4,232 K 18,628 K 3880 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  1,292 K 5,220 K 4680 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService -p
  IntelCpHeciSvc.exe  3,916 K 9,760 K 4232 IntelCpHeciSvc Executable Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\64gh4811.inf_amd64_f02d96a3e7a6ed57\IntelCpHeciSvc.exe
  svchost.exe  1,524 K 5,652 K 5296 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p
  svchost.exe  2,300 K 6,924 K 5520 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe  2,500 K 10,720 K 5680 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
  svchost.exe  2,332 K 10,212 K 5696 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
  WUDFHost.exe  2,092 K 6,736 K 5736   
  svchost.exe  9,732 K 27,144 K 5804 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
  svchost.exe  5,120 K 17,112 K 7384 Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
  svchost.exe  5,632 K 25,324 K 7444 Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
  svchost.exe  3,272 K 14,660 K 7664 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  5,744 K 18,048 K 8356 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService -p
  SearchIndexer.exe < 0.01 30,548 K 30,168 K 5168 Microsoft Windows Search Indexer Microsoft Corporation C:\WINDOWS\system32\SearchIndexer.exe /Embedding
  svchost.exe  3,696 K 12,536 K 8612 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService -p
  svchost.exe  3,276 K 6,904 K 10284 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
  SurfaceService.exe  1,636 K 6,640 K 2780 Surface Service Microsoft Corporation C:\WINDOWS\system32\SurfaceService.exe
  svchost.exe  2,560 K 9,340 K 3652 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe  7,928 K 24,404 K 8664 Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k unistacksvcgroup
  svchost.exe  2,748 K 11,976 K 2408 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  1,292 K 5,996 K 9400 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  1,380 K 5,872 K 1496 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  3,060 K 10,412 K 8220 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation -p
  svchost.exe  2,024 K 6,052 K 2608 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k SDRSVC
  svchost.exe  2,004 K 10,020 K 8332 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService -p
  svchost.exe  3,328 K 12,196 K 8876 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p
  svchost.exe  1,504 K 6,848 K 1160 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
  svchost.exe  1,756 K 6,936 K 10608 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -p
  svchost.exe  6,688 K 16,076 K 6404 Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService -p
 lsass.exe  9,396 K 22,264 K 776 Local Security Authority Process Microsoft Corporation C:\WINDOWS\System32\lsass.exe
 fontdrvhost.exe  1,768 K 3,240 K 960   
csrss.exe 0.16 2,408 K 5,372 K 756   
winlogon.exe  2,132 K 9,516 K 556   
 fontdrvhost.exe  5,144 K 12,616 K 760   
 dwm.exe 0.86 66,828 K 58,704 K 3404   
explorer.exe 24.71 2,181,412 K 2,202,108 K 7956 Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
 MSASCuiL.exe  1,936 K 9,288 K 10772 Windows Defender notification icon Microsoft Corporation "C:\Program Files\Windows Defender\MSASCuiL.exe"
 SurfaceDTX.exe  60,160 K 53,644 K 11020 Surface DTX  "C:\Windows\System32\SurfaceDTX.exe"
 procexp.exe  1,968 K 9,532 K 7332 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\AndersonB\Desktop\procexp.exe"
  procexp64.exe 1.28 24,248 K 61,144 K 5288 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\AndersonB\Desktop\procexp.exe"
GoogleCrashHandler.exe  1,720 K 36 K 5232   
GoogleCrashHandler64.exe  1,628 K 8 K 5260   


#23 Broni


Posted 16 April 2018 - 02:56 PM

Not sure what your picture is about. Please explain.
 
As for CPU usage I don't see any 100% usage. The usage is just below 30%, which is on a higher note but not alarming.
Windows Explorer is actually using almost 25% of your CPU. I'm not sure why, but you can't blame it on some kind of infection since all our scans come up clean.



 


#24 karlderzzy


Posted 16 April 2018 - 03:01 PM

Thanks for your help. The picture shows what I thought to be two users on the computer that are not permitted by me. I am not sure what they are. 



#25 Broni


Posted 16 April 2018 - 03:25 PM

Which two?




 


#26 karlderzzy


Posted 16 April 2018 - 03:32 PM

They both start with S-1-15-2-.... and a bunch of numbers. Can you access that photo?



#27 karlderzzy


Posted 16 April 2018 - 04:30 PM

My computer just automatically signed me out of my Microsoft Outlook and some error message saying that I am not set up for Microsoft Azure AD came up when I tried to sign back in.



#28 Broni


Posted 16 April 2018 - 04:44 PM

"They both start with S-1-15-2-.... and a bunch of numbers."

Those are normal, default, standard Windows accounts. Everybody has those.

 

In any case...in this forum we make sure your computer is clean and it is.

As for any other issues I suggest new topic in Windows forum.


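Added example, not part of any post in this thread: identifiers beginning with S-1-15-2 are AppContainer package SIDs, which Windows assigns to sandboxed Store/UWP apps, and they can be told apart from user accounts by the SID's identifier authority and first sub-authority. The Python below classifies SID strings that way; the sample SIDs and the function names `classify_sid` and `review_list` are constructed for illustration.

```python
import re

# SID string layout: S-<revision>-<identifier authority>-<sub-authority>-...
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)*)$")

# A few fixed, well-known SIDs that are never interactive user accounts.
WELL_KNOWN = {
    "S-1-1-0": "Everyone (group)",
    "S-1-5-18": "LocalSystem (service account)",
    "S-1-5-19": "LocalService (service account)",
    "S-1-5-20": "NetworkService (service account)",
    "S-1-5-32-544": "BUILTIN\\Administrators (group)",
    "S-1-5-32-545": "BUILTIN\\Users (group)",
    "S-1-15-2-1": "ALL APPLICATION PACKAGES (group)",
}


def classify_sid(sid):
    """Return (description, needs_account_review) for a SID string.

    needs_account_review is True only for SIDs issued by a machine or
    domain account database (S-1-5-21-...), the kind a person or an
    added account would have.
    """
    text = sid.strip().upper()
    match = SID_RE.match(text)
    if match is None:
        raise ValueError(f"not a revision-1 SID string: {sid!r}")
    authority = int(match.group(1))
    subs = [int(part) for part in match.group(2).split("-")[1:]]
    if any(value > 0xFFFFFFFF for value in subs):
        raise ValueError(f"sub-authority exceeds 32 bits: {sid!r}")

    if text in WELL_KNOWN:
        return WELL_KNOWN[text], False
    if authority == 15 and subs[:1] == [2]:
        # App Package Authority: one SID per installed Store/UWP package.
        return "AppContainer package SID (sandbox identity of an app)", False
    if authority == 15 and subs[:1] == [3]:
        return "AppContainer capability SID", False
    if authority == 16:
        return "mandatory integrity label", False
    if authority == 5 and subs[:1] == [80]:
        return "per-service SID (NT SERVICE\\...)", False
    if authority == 5 and subs[:1] == [32]:
        return "BUILTIN alias (group)", False
    if authority == 5 and subs[:1] == [21] and len(subs) == 5:
        rid = subs[-1]  # last value is the relative ID within the database
        if rid == 500:
            return "built-in Administrator account", True
        if rid == 501:
            return "built-in Guest account", True
        if rid >= 1000:
            return "account or group created on this machine or domain", True
        return f"reserved machine or domain principal (RID {rid})", True
    return "unrecognised; look it up before drawing conclusions", False


def review_list(sids):
    """Return only the SIDs that could belong to a user account."""
    return [s for s in sids if classify_sid(s)[1]]


# Constructed sample values, not taken from the thread.
SAMPLE_SIDS = [
    "S-1-15-2-100000001-200000002-300000003-400000004-500000005-600000006-700000007",
    "S-1-15-3-1024-100000001-200000002",
    "S-1-5-18",
    "S-1-5-21-1000000001-2000000002-3000000003-1001",
    "S-1-5-21-1000000001-2000000002-3000000003-500",
    "S-1-5-80-100000001-200000002-300000003-400000004-500000005",
]

if __name__ == "__main__":
    for sid in SAMPLE_SIDS:
        description, review = classify_sid(sid)
        print(f"{'REVIEW' if review else 'ok':6}  {sid}  ->  {description}")
```

Only the two S-1-5-21 entries in the sample are flagged for review; the S-1-15-2 entry is reported as an app sandbox identity.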


 




