
SysWOW64 svchost.exe eating up all cpu


9 replies to this topic

#1 shadowplorith

  • Members
  • 6 posts

Posted 25 April 2018 - 03:05 PM

Hello

 

So for the last couple of weeks, a nameless program in Task Manager has been eating up all my CPU, making my computer run extremely hot, and random popups open Google Chrome when it is not in use. When I open the file location it takes me to svchost.exe in SysWOW64, and if I attempt to end the task, it shuts off my computer. After hours of scans and driver updates, junk removal, etc... no solution was found. I did a quick search and found out that I might have a virus that my anti-virus scans could not find.

I tried to download FRST, but every time I search for it in my browser, my browser automatically shuts off.

 

Would love to get some help for this issue

 

Thank you!


Edited by shadowplorith, 25 April 2018 - 03:15 PM.



#2 shadowplorith


Posted 25 April 2018 - 03:15 PM

Update: FRST links can be opened in safe mode but the program is automatically deleted when downloaded.


Edited by shadowplorith, 25 April 2018 - 04:49 PM.


#3 shadowplorith


Posted 25 April 2018 - 05:54 PM

Update: Malwarebytes managed to delete a bunch of malware and adware, which has allowed me to download and run FRST.

Logs attached




#4 garioch7

  • Malware Response Instructor
  • 3,382 posts
  • Location: Port Hood, Nova Scotia, Canada

Posted Yesterday, 06:56 AM

shadowplorith:

:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#5 garioch7


Posted Yesterday, 11:20 AM

shadowplorith:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

OK, let's get started ...

:step1: Your high temperatures might be related to this running process:
 

HKLM-x32\...\Run: [LeagueDisplays] => C:\Riot Games\LeagueDisplays\assistant\LeagueDisplaysAssistant.exe [408576 2017-12-04] ()


See this link for more information.

:step2: Why is your computer still running Windows 10 Home, Build 1607? Please see this link for information on the Windows 10 Build cycle. Your Build of Windows 10 Home is no longer being supported by Microsoft.

:step3: I would STRONGLY recommend that you uninstall these programs:

Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.3.3 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 58.0.171.84 - AVAST Software)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.3.0 - IObit)

Bleeping Computer does not recommend the use of driver updates, registry cleaners, or system optimizers. Please see this link. Moreover, this topic on the Avast Support Forum identifies this program as problematic. In fact, quietman7, one of the foremost computer security experts here at Bleeping Computer no longer recommends Avast products: see this link for more information.

You can see in the "FRST.txt" log that the Avast program has "messed" with the Image File Execution Options (IFEO) in your registry. I am going to repair that damage. You can check this link and this link (and others) for more information.

Personally, I would never install Avast products on my computers.

It is your computer, so it is YOUR decision. Please let me know what you decide.


:step4: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

I would also recommend that you consider uninstalling the program Ace Stream Media. See this link for more information. Please let me know what you decide.

:step5: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
Handler: osf - No CLSID Value
CHR HKU\S-1-5-21-379715055-2264656514-1796656529-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
File: C:\Windows\system32\DRIVERS\DimensionSerialPort.sys
S3 WinRing0_1_2_0; \??\C:\Windows\Temp\sd119\SmartDashboard.sys [X]
File: C:\Windows\system32\asmtxhcicoinstaller.dll
File: C:\Users\Azizs\Desktop\LazyMan.exe
2016-07-16 07:43 - 2016-07-16 07:43 - 000177152 ____N (Microsoft Corporation) C:\Users\Azizs\EAISExLeUOyYi.exe
2016-07-16 07:43 - 2016-07-16 07:43 - 000058368 ____N (Microsoft Corporation) C:\Users\Azizs\AppData\Local\sjYIUa.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{0A0E2B96-2F30-4B4A-B061-EAF1AF319812}] => (Allow) C:\Windows\SysWOW64\HSiMOuT.exe
FirewallRules: [{D563130C-228C-491E-9E17-B25ABFF54421}] => (Allow) C:\Users\Azizs\AppData\Local\sjYIUa.exe
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.


Thank you and have a great day.

Regards,
-Phil


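The fixlist above removes two classes of persistence that FRST flagged: IFEO "Debugger" redirections and firewall Allow rules for random-looking executables. As an added defender's check that is not part of this thread or of FRST, the PowerShell below enumerates both on a Windows 10 machine (elevated session; the NetSecurity cmdlets Get-NetFirewallRule and Get-NetFirewallApplicationFilter are assumed to be available); the function names are this example's own.

```powershell
# Added example, not code from this thread or from FRST. Audits two things the
# fixlist above removed: IFEO "Debugger" redirections and firewall Allow rules
# whose target executable is missing or unsigned. Run from an elevated
# PowerShell on Windows 10; function names are this example's own.

$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-SignatureStatus {
    # Returns 'Missing' when the file is absent, otherwise the Authenticode status
    # (Valid, NotSigned, HashMismatch, ...), so unsigned or tampered targets stand out.
    param([string] $Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'Missing' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

function Get-IfeoDebuggerEntries {
    # Every IFEO subkey that carries a Debugger value. Windows launches that
    # debugger in place of the named program (with the original command line
    # appended), so a stray value silently redirects or blocks the program.
    # Legitimate entries are rare; Process Explorer's "Replace Task Manager"
    # option (taskmgr.exe) is one known benign example.
    foreach ($key in Get-ChildItem -Path $IfeoRoot -ErrorAction SilentlyContinue) {
        $debugger = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

        # Strip surrounding quotes and trailing arguments to isolate the debugger's path.
        $target = if ($debugger -match '^"([^"]+)"') { $Matches[1] } else { ($debugger -split '\s+')[0] }

        [pscustomobject]@{
            Process   = $key.PSChildName
            Debugger  = $debugger
            Target    = $target
            Signature = Get-SignatureStatus -Path $target
        }
    }
}

function Get-FirewallAllowRulesWithUntrustedTargets {
    # Enabled Allow rules bound to a specific program that is missing or not
    # validly signed. The fixlist above removed two such rules, for executables
    # with random-looking names under SysWOW64 and AppData\Local.
    foreach ($rule in Get-NetFirewallRule -Action Allow -Enabled True -ErrorAction SilentlyContinue) {
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        if (-not $program -or $program -in @('Any', 'System')) { continue }

        $path   = [Environment]::ExpandEnvironmentVariables($program)
        $status = Get-SignatureStatus -Path $path
        if ($status -eq 'Valid') { continue }

        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Direction = $rule.Direction
            Program   = $path
            Signature = $status
        }
    }
}

'--- IFEO Debugger entries ---'
Get-IfeoDebuggerEntries | Format-Table -AutoSize -Wrap
'--- Firewall Allow rules with missing or unsigned targets ---'
Get-FirewallAllowRulesWithUntrustedTargets | Format-Table -AutoSize -Wrap
```

The firewall pass queries every rule individually, so it can take a minute on a machine with hundreds of rules; a clean system typically reports no IFEO Debugger entries and only a handful of unsigned firewall targets, each of which is worth identifying by hand.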


#6 shadowplorith


Posted Yesterday, 01:12 PM

Hello and thank you so much for your reply, I really do appreciate this. 

 

I have deleted LeagueDisplays, Avast, the driver updaters, Ace Stream and µTorrent.

 

I have attached the Fixlog

 

Thanks Again!



Edited by shadowplorith, Yesterday, 01:12 PM.


#7 shadowplorith


Posted Yesterday, 01:26 PM

Update: Since I did the fix, games are not able to load. I am guessing that they're not getting any internet connection, yet YouTube can load HD videos without buffering. Emptyproject11.exe is not using up any CPU as well but is still open.



#8 garioch7


Posted Yesterday, 01:27 PM

shadowplorith:
 
Thank you for your post.  I am really happy to learn that you have decided to remove those programs that I suggested because they are either malware; or, they are responsible for malware infections. :thumbup2:
 
Please COPY and PASTE all future requested logs into your replies, UNLESS I otherwise request.  It makes it so much easier for me to analyze and for others to see what was done.  That is why I am copying and pasting it into my response to you, though I would ask that you do not use "quote" or "code" boxes.  I am only using the "quote" box so that it avoids confusion for people reading this thread, since I did not run this FRST "fixlist" script.


Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Azizs (26-04-2018 14:08:23) Run:2
Running from C:\Users\Azizs\Desktop
Loaded Profiles: Azizs (Available Profiles: defaultuser0 & Azizs)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
Handler: osf - No CLSID Value
CHR HKU\S-1-5-21-379715055-2264656514-1796656529-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
File: C:\Windows\system32\DRIVERS\DimensionSerialPort.sys
S3 WinRing0_1_2_0; \??\C:\Windows\Temp\sd119\SmartDashboard.sys [X]
File: C:\Windows\system32\asmtxhcicoinstaller.dll
File: C:\Users\Azizs\Desktop\LazyMan.exe
2016-07-16 07:43 - 2016-07-16 07:43 - 000177152 ____N (Microsoft Corporation) C:\Users\Azizs\EAISExLeUOyYi.exe
2016-07-16 07:43 - 2016-07-16 07:43 - 000058368 ____N (Microsoft Corporation) C:\Users\Azizs\AppData\Local\sjYIUa.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{0A0E2B96-2F30-4B4A-B061-EAF1AF319812}] => (Allow) C:\Windows\SysWOW64\HSiMOuT.exe
FirewallRules: [{D563130C-228C-491E-9E17-B25ABFF54421}] => (Allow) C:\Users\Azizs\AppData\Local\sjYIUa.exe
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AcroRd32.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\appvlp.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\groove.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\lync.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msaccess.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msoev.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msotd.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msouc.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msoxmled.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mspub.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ocpubmgr.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\onenote.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\outlook.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerpnt.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setlang.exe => not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winword.exe => not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
"C:\WINDOWS\system32\GroupPolicy\User" => not found
HKLM\Software\Classes\PROTOCOLS\Handler\osf => not found
HKU\S-1-5-21-379715055-2264656514-1796656529-1002\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => not found
 
========================= File: C:\Windows\system32\DRIVERS\DimensionSerialPort.sys ========================
 
C:\Windows\system32\DRIVERS\DimensionSerialPort.sys
File is digitally signed
MD5: C45083FCD9AC301530C0D7206F3F15E6
Creation and modification date: 2016-07-26 22:04 - 2016-07-26 22:04
Size: 000024576
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: https://www.virustotal.com/file/ce72ee9cc9716dc7ccee48a7b1bf9896b610eb2770fad35f4e4f995505e5daf7/analysis/1521360482/
 
====== End of File: ======
 
WinRing0_1_2_0 => service not found.
 
========================= File: C:\Windows\system32\asmtxhcicoinstaller.dll ========================
 
C:\Windows\system32\asmtxhcicoinstaller.dll
File is digitally signed
MD5: 0C049F598938991546A58C58AE07D92D
Creation and modification date: 2018-04-25 15:14 - 2018-04-25 15:14
Size: 000028016
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: https://www.virustotal.com/file/017a5282306014fbfd86352995f0da2568798b0b0fa9311878ae9bd4e90688a0/analysis/1516806242/
 
====== End of File: ======
 
 
========================= File: C:\Users\Azizs\Desktop\LazyMan.exe ========================
 
C:\Users\Azizs\Desktop\LazyMan.exe
File not signed
MD5: 5C50C2D29E83CB863ED301B431D0E01C
Creation and modification date: 2017-11-11 20:23 - 2018-04-11 19:45
Size: 011359809
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
"C:\Users\Azizs\EAISExLeUOyYi.exe" => not found
"C:\Users\Azizs\AppData\Local\sjYIUa.exe" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A0E2B96-2F30-4B4A-B061-EAF1AF319812}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D563130C-228C-491E-9E17-B25ABFF54421}" => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 14:08:47 ====

 
:step1: Are you familiar with the program lazyman.exe on your Desktop?
 
:step2: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!


Thank you and have a great day.

Regards,
-Phil




#9 garioch7


Posted Yesterday, 01:34 PM

shadowplorith:

 

Thank you for your post.  I am not sure why your games are not loading. :scratchhead:

 

If you check the FRST "fixlog.txt" file that I copied and pasted in my previous reply, you can see that, as a result of you uninstalling Avast and the other programs, virtually the entire script could not find the files or registry subkeys that I had targeted with the script.

 

Let's proceed, as planned, and scan your computer for malware, first with ESET and then later with some more standard anti-malware scanners before dealing with outstanding computer issues.  Often removing malware solves a lot of issues. :)

 

Thank you and have a great day.

 

Regards,

-Phil




#10 shadowplorith


Posted Yesterday, 10:14 PM

Thank you for your quick reply, sorry the scan took a while. 

 

Here is the log:

C:\Users\Azizs\Desktop\Jackbox.Party.Pack.2\steam_api.dll a variant of Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
C:\Users\Azizs\Downloads\COD4-MW_patch.exe Win32/Keygen.DK potentially unsafe application cleaned by deleting
C:\Users\Azizs\Downloads\CODMW2_patch_iw4x-054.exe a variant of Win32/GameHack.ANF potentially unsafe application cleaned by deleting
C:\Users\Azizs\Downloads\monero-gui-win-x64-v0.11.0.0.zip a variant of Win64/CoinMiner.JI potentially unwanted application deleted
C:\Users\Azizs\Downloads\monero-gui-win-x64-v0.11.1.0.zip a variant of Win64/CoinMiner.JI potentially unwanted application deleted
C:\Users\Azizs\Downloads\PowerISO6-x64.exe Win32/FusionCore.L potentially unwanted application cleaned by deleting
C:\Users\Public\Documents\Downloaded Installers\{D606EFF9-3813-4875-B455-AECD2E7B0676}\setup.msi a variant of Win32/UwS.SlimDrivers.A application deleted
C:\Windows\System32\SppExtComObjHook.dll a variant of Win64/HackKMS.I potentially unsafe application cleaned by deleting
D:\Jackbox.Party.Pack.2.zip a variant of Win32/HackTool.Crack.DW potentially unsafe application deleted
D:\Call of Duty Modern Warfare\key-generator.exe Win32/Keygen.DK potentially unsafe application cleaned by deleting
D:\Call of Duty Modern Warfare 2 IW4PLAY MP+SP ^^nosTEAM^^\steamclient.dll a variant of Win32/GameHack.ANF potentially unsafe application cleaned by deleting
D:\Call of Duty Modern Warfare 2 IW4PLAY MP+SP ^^nosTEAM^^\Call of Duty Modern Warfare 2\steamclient.dll a variant of Win32/GameHack.ANF potentially unsafe application cleaned by deleting
D:\Grand Theft Auto V\steam_api64.dll Win64/HackTool.Crack.F potentially unsafe application cleaned by deleting
D:\Medieval II - Total War\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
D:\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar a variant of MSIL/HackKMS.I potentially unsafe application deleted
D:\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET] - Copy\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe a variant of MSIL/HackKMS.I potentially unsafe application cleaned by deleting
D:\monero-gui-0.11.0.0\monero-blockchain-export.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting
D:\monero-gui-0.11.0.0\monero-blockchain-import.exe a variant of Win64/CoinMiner.JI potentially unwanted application cleaned by deleting
D:\monero-gui-0.11.0.0\monero-wallet-cli.exe a variant of Win64/CoinMiner.GH potentially unwanted application cleaned by deleting
D:\monero-gui-0.11.0.0\monero-wallet-rpc.exe a variant of Win64/CoinMiner.GH potentially unwanted application cleaned by deleting
D:\monero-gui-0.11.0.0\monerod.exe a variant of Win64/CoinMiner.GG potentially unwanted application cleaned by deleting
D:\SEGA\Eastside Hockey Manager\steam_api.dll a variant of Win32/HackTool.Crack.EE potentially unsafe application cleaned by deleting
 
 
 
I do know that Lazyman.exe is on my desktop; I use it to stream hockey games.
 
Thanks again 




