ARINEEDSHELP

Honorary Members
  • Posts

    30

Everything posted by ARINEEDSHELP

  1. Forgive my frequent responses. I've also noticed the security permissions for these high-CPU files I try to open are controlled by "Account Unknown(S-1-5-5-0-132729)" according to Addition.txt. S-1-5-5-0 is not one of my users!
  2. I keep trying to start it and something's spiking it (shooting up the CPU, rendering it frozen) from running in HP (my main account / admin account). I've investigated the spike via Process Explorer and found something interesting??? This is the thread stack:

     0x0000000000000000
     ntdll.dll!ZwOpenKey+0xa
     KERNELBASE.dll!NlsWriteEtwEvent+0x23b
     KERNELBASE.dll!NlsEventDataDescCreate+0x29a
     KERNELBASE.dll!NotifyRedirectedStringChange+0x72
     KERNELBASE.dll!SystemTimeToTzSpecificLocalTimeEx+0x56ac
     KERNELBASE.dll!LoadStringByReference+0x134
     kernel32.dll!RegLoadMUIStringW+0x18e
     Crypt32.dll!CertCreateCertificateChainEngine+0x15fd
     Crypt32.dll!CertCreateCertificateChainEngine+0x1366
     Crypt32.dll!CryptEnumOIDFunction+0x930
     Crypt32.dll!CertCreateCertificateChainEngine+0x1174
     Crypt32.dll!CryptFindOIDInfo+0x62
     WINTRUST.DLL!CryptSIPCreateIndirectData+0xe1
     WINTRUST.DLL!CryptCATAdminCalcHashFromFileHandle+0x1f5
     WINTRUST.DLL!WVTAsn1SpcPeImageDataEncode+0x175
     WINTRUST.DLL!CryptSIPCreateIndirectData+0x6a
     Crypt32.dll!CryptSIPCreateIndirectData+0xaa
     WINTRUST.DLL!CryptCATAdminCalcHashFromFileHandle2+0x1a4
     WINTRUST.DLL!IsCatalogFile+0x43b6
     FRST64.exe+0x26384
     0x0000000000000000
     kernel32.dll!HeapFree+0xa
     0x0000000000000000
     FRST64.exe+0x92a90
     FRST64.exe+0x120f2
     FRST64.exe+0x1039b
     FRST64.exe+0xc21b
     FRST64.exe+0x744e
     FRST64.exe+0x4d8b4
     FRST64.exe+0x1039b
     FRST64.exe+0xc21b
     FRST64.exe+0x744e
     FRST64.exe+0xc458
     FRST64.exe+0x744e
     FRST64.exe+0x45f75
     FRST64.exe+0xfa4d
     FRST64.exe+0xfd3e
     FRST64.exe+0xc11f
     FRST64.exe+0x1acae
     FRST64.exe+0x19e20
     FRST64.exe+0x2fabc
     kernel32.dll!BaseThreadInitThunk+0xd
     ntdll.dll!RtlUserThreadStart+0x1d
  3. Kevin, a non-admin scan has completed. I will upload the logs under this response just for documentation purposes; I know you likely NEED the scan run with Admin privilege. Hopefully you see something? Please let me know how to continue. In the meantime I will continue to try to run the scan as admin. Addition.txt FRST.txt
  4. Hello Kevin! A pleasure meeting you, hope all is well. I appreciate your response! I tried to run it with admin privileges but the CPU usage jumps to 25% and FRST becomes non-responsive / freezes. I run it from this account (non-admin) and it works fine and doesn't freeze. What should I do?
  5. Hello everyone, I am new here. I am using an HP Pavilion DM4 with Windows 7 Home Premium, and about 20 days ago (7/8/2019), I got a black screen with a cursor only after logging into my Admin Account, even in Safe Mode. The day before this issue occurred (7/7/2019), I had turned off my AVG while trying to run a Malwarebytes scan. To do so, I changed its (AVG's) permissions to EVERYONE and I also set the AVG off, and restarted my computer. Lo and behold, I couldn't get back on my ADMIN main user! I am currently writing this on the same laptop, but on the account of a secondary user. I can only open a few antivirus programs such as Malwarebytes and AVG; however, I cannot run RogueKiller or MSERT as they freeze. I've done many tests and NONE concluded malware, except a Malwarebytes Anti-Rootkit scan which detected 4 trojan files located in C:$\recyclebin (system recycle bin?). I've since removed them and I am currently attempting all my options. The crazy thing is, I actually fixed the problem via system restore, and all was good! However, I became stupid in thinking and decided to RE-RESTORE the system, because I was upset that my Google Chrome had updated!!!, and thus the problem had returned, and the old restore points have vanished since! I would really love some help because I am sure something has taken over the admin privileges of the system, and is running SVCHOST.EXE and CONSENT.EXE upon start. I've studied the strings and the threads and they run at 25% CPU, jamming the system up. I've also noticed something keeps closing antiviruses and services.exe when I try to open them. (I see all this via PROCESSEXPLORER from the second account with admin privileges.) I cannot run SERVICES.EXE, but I can run regedit, msconfig, task manager, etc. I've done SFC/scan as well as CHKDSK and it found some corrupt files and "fixed them", but the issue persists. I've downloaded FRST, RogueKiller, ComboFix, and AdwCleaner.
I have not run them; I am awaiting assistance (from you guys). Please help me!!!! Thank you in advance!