jaydee109

Thank you very much sir

Here's the link, File Inspect seems to be informative. http://www.fileinspect.com/fileinfo/svchost-exe/ FYI... if you reboot your computer you might have to redo the priority but it's no big deal to redo.

Yes, it's date stamped 10/24 I believe. I've already tried that and I get the error message file corrupted can not continue. I went browsing Microsoft Tech Net for the cpu usage and came across a fix that suggested resetting the priority to "low", which I did. Things seem to be working much better at present. Ran both Norton and MBAM with no problems found on either. Only thing that wasn't scanned was the portable hard drive which I disconnected. Think I'll just replace it and go from there. Me thinks I'm good to go unless you have anymore suggestion.

Afternoon Sir, Just a short note to thank you for your time. I appreciate your advise and guidance, not to mention patience. I believe that my problem started from a Windows Update done on 11/12 or so. From what I've read that's where a lot of high CPU problems come from. Again I thank you for your time,

Verification please... download site for Java says Version 8, update 25 available, when I attempt to remove old version it says I already current version... Version7 update 71 and stops. I don't understand ???

Morning, Tried to do a system recovery yesterday and couldn't complete. Said a broken or corrupted file prevented it. Great. Please read the HiJackThis log, has a lot of "file missing", "unknown user" performing tasks" and various registry changes. I don't what to do. I can't afford to loose all the info on here due to medical issues. And I don't trust the back-up drive due to its past behavior. Lately, the Java Updater has been flashing windows for new version upgrade. Flashes on once every 15 to 30 seconds. Tried disabling or killing the task but keeps coming back. This is really getting frustrating. Please advize. hijackthis.log

Couldn't export the MBAM scan to .txt It wasn't there. Finally was able to find it in MBAM folder under the quarantine\ log. So ran another scan and it showed up where it should be but after selection it wouldn't export to .txt. Couldn't even select and view (grey out) Went back to Explorer Malwarebytes\log not the quarantine one and low and behold all 600 or so logs were GONE. finally found them under quarantine \log. OK' so I'll just transfer back where they belong. Nope, said I needed admin account except I'm logged in under admin. Eh, went to shortcut did the run as admin thing. Still came back "needed admin" ??? OK, let's try to move just a couple files, need admin. Lets delete the oldest log file...nope. So I had to do the HTML post. Couple interesting things, when the virus was found the post stated it was run at 3:30 something AM(my time) and manual. I was sound asleep. My puter does things on its own just like relocating all those logs. Another thing I noticed yesterday morning was my portable hard drive was performing a back-up of 5 or so hours. Now the activity light was on steady not flashing like it does when working. So I opened the program and got the welcome message, proceeded to check the back up( lately it's been missing 40 0r so files that won't back back up due to use by another program). The little progress bar was just ticking away. Disconnected it thinking might be the cause of the CPU usage. Not that lucky. Now CPU is using both cores at almost 100%. Another point, while trying to remember \ find out how to make the task bar hide the letters ENG showed up on the task bar. The balloon message said something like "Language English press space bar + something to change). Fast as it showed up it left. This things acting like it's got a mind of it's own. OK... may I delete the quarantine log for the "Trojan" just to ease my mind (probably won't let me). What's next? mbam-log-2014-11-25 (20-32-48).xml FRST.txt Addition.txt

Quick question, should I delete the previous frst.txt and addition.txt from the desktop before proceeding?

Overnight MalwareBytes performed a scan and found Trojan.Sharik.VX which it quarantined. Also my e-mail service notified me that 20 pieces of spam had been sent from my account, which I hadn't done. protection-log-2014-11-24.xml

Attachments per your instructions... mbar-log-2014-11-24 (13-23-04).txt system-log.txt FRST.txt Addition.txt

Mr. Eagle, Downloaded root kit, updated, ran scan, exited Mbam, got error message that scan failed, tried again, same thing, tried to download FRST, downloaded, Norton blocked it and removed. said unsafe. Do I need to go thru Auto Runs and disable anything to do with Mbam. J

Good Morning, Using Task Manager, I found Service Host: Local Service (No Impersonation) (5). In details shows svchost.exe PID 2524, running, LOCAL SERVICE, CPU between 78 and 89. In services portion of Task Manager I have 5 services, Upnp Device Host, Time Broker, SSDP Recovery, Sensor Monitoring Service and Function Discovery Resource Publication. PID is 2524 for all 5. System is an HP Pavilion 500-023w Desktop Intel Core i3 3240 3.4 GHz Dual Core 8GB memory 1 TB SATA drive I have tried to download FRST a couple of times but Norton red flagged it and deleted from desktop. Also have 3 references to WOW64 in AutoRuns but it says file not found, tried to delete but comes right back. Norton has been giving me high CPU usage errors which seem to be happening more frequently. Awaiting your instructions on how to proceed. J

Borislav. I am glad you gave me the detailed explanation you did. Now if I might ask you another question concerning repairing the drive. I have tried using the dell supplied recovery disc but I can't get the option that reformats the hard drive. Can you help with that or should I ask elsewhere? J

Hi Borislav, After re-reading your post and contemplating the situation I think reformatting would probably be the best option, however I do have some concerns about the recovery procedure. I do not have an Windows operating disk but a recovery disc from dell. I also don't have a product key to re-actvate the OS. I have heard that some how it is embedded in the BIOS. Your thoughts please. J

Hi Borislav, Pleased to meet ya. At this point I would like to proceed with you guidance. Before we start though, I could not find the e-mail reply option, I would like to use it if I could. Thanks... Now where should we start? J

Hi, The Problem first started not being able to open PDF's attachments in AOL mail. After searching for answers (thought it would be simple) I ran MB. Found 11 faults, Ten being PuP's and HiHack SHELL.32. Everything seems to resolve around RecipeHub ToolBar. Anyway I deleted all the offenders and seeing a couple references to Adobe Reader thought this might be the cause of the problem. Not... Now 90% of the time can't access Control Panel, Internet explorer is erratic (stops and says must close). I will say on my first scan it took 2 hrs 18mins, second scan hung after 40min, and the last scan 3hrs 16min. The machine is: Dell Studio 1737 Laptop Intel Core Duo 2.27 GHZ 3 GB ram Vista Home Premium SP2 32 Bit Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Covington :: COVINGTON-PC [administrator] 10/7/2013 6:32:22 PM mbam-log-2013-10-07 (18-32-22).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 344559 Time elapsed: 2 hour(s), 18 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKCR\Typelib\{03119103-0854-469D-807A-171568457991} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully. HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\RecipeHub_2jService (PUP.Optional.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Data: SSWEETPACKS -> Quarantined and deleted successfully. Registry Data Items Detected: 1 HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume3\Users\COVING~1\AppData\Local\Temp\sbsiqwf\sfyjisc\wow.dll) Good: (SHELL32.dll) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Users\Covington\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6XHRSSI\Adobe_Reader_setup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully. C:\Users\Covington\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUM3L55D\Adobe%20Reader[1].exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully. C:\Program Files\RecipeHub_2j\bar\1.bin\2jbarsvc.exe (PUP.Optional.MyWebSearch) -> Delete on reboot. (end)

Thank both of you very much for the helpful insight This post can be closed if that's how it's done. I have to gather some info and i'll be back in a few but it won't pertain to this subject. Again, thank you both. jaydee109

Afternoon, After using your sight in the past, I find myself in need of help again. I feel it would be only fair to upgrade to Pro since the last time my problem took alot of time and I expect this will too. So... MY questions are do I have to delete the current copy of MBam, should I disable my Norton AV and can Norton and MBam work together, Thank You jaydee109

Will do, downloaded PCTools FW, automatic turn off on Windows FW. Even gives you a status box with both listed. No guessing J

RPMcMurphy, What about the extra recycle bin $Recycle.bin. Think I'm gonna try the PCTools FW. Never did like that TeaTimer. J

RPMcMurphy, Sorry, damaged file is located in windows\downloaded program files. Other than that I think we're good at the moment. After all this I'm justly slightly paranoid. Just want to say THANK YOU again, I feel I have the recieved the most professional and courteous assistance I have ever expierienced. Not to mention that I truly feel that I am dealing wirh someone that genuinnely cares. I can't say it enough... I am so impressed! J

Morning RPMcMurphy, I deleted per you instructions. Then went thru folders and cleaned up. I did find a file that is listed as "damaged" size "none" created "11/02/2006" last accessed "9/4/2010" name {E2883E8F-472F-45B0-9522-AC9BF37916A7}. Can I delete it? Also opinion on Zone Alarm, It gives more information about what's trying to do what aand gives you the option of how to handle the situation. If ZA goes down WF turns on. Looks like our unwanted "guest" has been evicted. No trace in 12 hours. Did a scan with NAV, picked up and removed 12 tracking cookies, has however few (lot) of transmissions to be submitted to them, tried their "support" <sarcasm> to find out why. Alot of what they found are more .DLL's. System running alot better just hope this stuff NAV has highlighted for inspection is not more of the same waiting to "move in" Paranoid me thinks I be. J

RPMcMurphy, DDS Logs as requested, DDS (Ver_10-03-17.01) - NTFSx86 Run by JayDee109 at 22:20:02.26 on Sat 09/04/2010 Internet Explorer: 8.0.6001.18943 Microsoft

Not sure I really want to use NAV 2010. What is your opinion. Thanks

OK... continuing. Thanks