  1. I am currently faced with an issue with my task manager where when I open it, it immediately closes after .5/1 second(s). I think I might've downloaded some file somewhere earlier but I already deleted my recent downloads. I tried /taskkill command using cmd since I found 2 console tasks that were suspicious but once I killed them, they just come back immediately. I will be highlighting the 2 tasks in the attached photos (mservicecpu.exe and xservicegpu.exe). Although I'm not really sure whether these 2 are the cause of my problem since no results come out when I try to search for them on Google. I have also tried FRST and JRT, and will be attaching the corresponding files/results below. I've done so many fixes but haven't yet resolved the issue. I really need some help. It opens as shown in the attached photo but closes. Addition.txt FRST.txt JRT.txt
  2. Hey, I'm having the same exact problem as the person who started this thread. I haven't been able to open my task manager and my CPU's fans have been running under severe load even though I only have a couple of Chrome tabs open. I have downloaded an alternate task manager to figure out what's causing my CPU to run fast and it turns out I have the same perpetrator as the person with the original problem. I first stumbled upon this problem around 3 days ago, which makes me assume that this new virus is a threat that has started to spread out recently, but that's only based on my presumptions. Anyways, I was wondering how I could permanently get rid of this application so I don't have to worry anymore. I saw that his solution was to delete it in Registry Editor, but I have no clue on how to find this specific application and delete it in RegEdit. Also, I wasn't able to quarantine it while scanning for this virus/bug with MalwareBytes and the default Windows Defender Scanner. So far, I've done a couple steps with restarting my computer, running sfc /scannow in command, the HTTP ONLINE thing, and a couple others. Any help regarding this issue would be appreciated. (The issue I have is the same. I have seen processes such as mservicecpu.exe, xservicegpu.exe, and qtLaunch.exe, all presumably the perpetrators in this situation.)
  3. Hi, recently I noticed that my CPU usage went up to 90% and above, but every time I run the Task Manager, the CPU usage automatically goes down to 30-40%+. But if I close the Task Manager, the whole PC starts to lag. I tried using Malwarebytes to scan, but I am still experiencing this issue. malware.txt adw.txt
  4. Hi. I've been noticing high CPU temperatures and fan speeds on my laptop (which I recently cleaned and reapplied thermal paste to). Every time I open the Task Manager, the CPU usage is on 50 - 90% for a moment but immediately drops down to 5 - 10%. I'm suspecting this is a bitcoin miner virus, mainly because the symptoms are identical to what was described in this thread. Should I follow the same steps given to the person in that post? Thanks in advance for any replies. (My system is an XPS 15 9560, Intel i7 7700HQ, Nvidia GTX 1050, 8Gb RAM, Windows 10 Version 2004)
  5. Hi, I'm not sure if this is the correct place to post. I bought this laptop computer in 2016, but didn't start using it regularly until 2019/2020. In 2019 from about April until July, I used it for a part-time work-from-home survey job. Then, early this year I started using it exclusively when Windows 7 became obsolete. The laptop runs slow, and this isn't something that started after an update. It just seems to keep getting slower. Sometimes it seems particularly slow when using the internet or specific websites (like FaceBook, etc). Btw, I usually use MS Edge browser. Rarely do I use the Chrome browser. When I had that survey job last year, I had to use Firefox, which has since been deleted from this computer. Other times, the computer is slow in opening apps or files...or even slow to open task manager when I hit 'CTRL' + 'ALT' + 'DELETE'. I know there are a lot of MS apps on my computer that I don't even use. Not sure if they have anything to do with it. And, I don't know for sure how to ensure my non-MS apps are up-to-date. I used to use Avast (not premium, just free), and it would notify me if an app was out-of-date. My previous laptop with the Windows 7 (and way less storage, etc) ran much faster. Could you either help me figure this out, or send me to a more appropriate forum/website? And after this issue is resolved, are there guidelines for Windows 10 settings? Thank you, Julie
  6. Hello, Recently my PC started acting weird and I was wondering what's the problem. I found out that when I turn on Task Manager processor usage drops instantly from 100% to normal rate. I had this problem many years ago on a different PC (it turned out to be a bitcoin miner) and Malwarebytes scan worked like a charm, but now it doesn't help. What should I do to make my PC work like it should? Sorry for my poor English, I'm not native. :) Thanks for any help, I appreciate it. :)
  7. Hello, I recently noticed that when I am running my PC and open task manager I see the CPU usage at 70-100% for a moment before it drops to about 10%. I've followed the advice on https://forums.malwarebytes.com/topic/241749-cpu-usage-high-until-i-open-task-manager/ (as best as I can) which hasn't been able to fix it. I've run multiple scans of Malwarebytes and while it's detected 1 or 2 things it hasn't made a difference. Thanks, Hawk Malwarebytesfile.txt
  8. Hello, I built a new PC a month ago and it's been doing great until a few days ago that I noticed my CPU at 50% plus when idle/browsing with no heavy programs running. Every time I run the task manager or similar programs I downloaded online, the CPU usage will always go down to around 1-5%. I ran a total scan using Avast and I don't see any malicious file. I can't see what process/program is the culprit because every time I check it on the task manager, the usage will suddenly drop and I can no longer see which one is using all the CPU. I've seen similar posts online and here, and tried to resolve it but I don't see any suspicious file and I really don't know which process is the malware. My Setup is: i7 8700k Processor, GTX 1060 6gb, 8GB Ram, Windows 10. I hope you can help me find some solution or better yet pinpoint the cause. Forgive my English. Thanks a lot=)
  9. I'm writing to you from my phone. I turned on my computer, my sign-on for Microsoft came up, I signed in and it took me to a blank screen. Control/Alt/Delete brought up task manager but that's all I have. I can't afford to take it in. I'm no guru. My computer is a HP EliteBook core i7 vPro Windows 10 Pro. I don't know what else to tell you.
  10. Hi, Windows Powershell.exe appears on my W Server 2008 R2 Enterprise, it consumes from 75% until 100% of CPU and appears occasionally but in 1 day it appears 3 times. It's annoying because I will always have to end this process in the task manager every time that it appears. (I ran Avast antivirus because I have a license but it doesn't solve this).
  11. A little while ago tonight, my desktop slowed to a crawl. Applications unresponsive, opening one taking two minutes, etc. When I finally got Task Manager open (W7 64bit), I saw this. I was not running a scan. It took the computer about 7 minutes just to reboot, then it was fine. What does this signify? Thanks.
  12. Hi I'm having some really strange issues with Malwarebytes Anti-Malware... I'm running W7 64: A few days ago I saw my MW wasn't on the system tray and I wasn't getting any warning for any prohibited websites, so I decided to do a clean re-install using mbam-clean- and activate the newly installed version using my key and, only one day later I'm right back where I started, which is: I can't see the icon in the system tray. I can see that mbam.exe *32 AND MBAMService.exe are running in the Task Manager but... I don't get any warnings at all. When I execute the desktop icon, nothing happens. Malwarebytes also disappeared from my wife's PC a couple of weeks ago (she just had it reinstalled and we'll see how that goes). I think I'm not protected now and this is really frustrating because I feel like I need to be vigilant constantly so that "something" doesn't go wrong... Can someone help me please? Thanks
  13. Recently I had two problems occur: 1) a window would open stating "the requested resource is in use" and 2) when attempting to open task manager the program would flash open for a second and then close and disappear. I researched the problem and not unexpectedly most solutions referenced Malwarebytes. Almost all solutions began by downloading and installing your products. The downloading posed no problem and all were successfully downloaded. Obviously the next step was installation and all failed; an error message stating "the requested resource is in use". Therefore I am looking to this forum as to how to remedy the situation. Thank you Jerry
  14. My Malwarebytes detected and quarantined pum.disable.taskmgr. Unfortunately, although I have done everything to enable (yes, my default is back to '0'), it now tells me that it cannot find taskmgr.exe even though I can see it and click the icon in my program files. Is there any way to restore that? I also can't get permission to drag anything into the folder C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.14393.0_none_dc5b465b0231f5ad where it says my taskmgr.exe lives. Please help!! Every time a program freezes up I have to hard shut off my computer. I am using a Windows Surface with the latest version of Windows. Very frustrating... :-( Thank you, Marcia
  15. I scanned with Adware Cleaner and it detected these entries in my registry (or running somewhere). My PC is slow to boot to startup, programs are sluggish and after Google searching I found nothing but forums indicating this is a good indication of malware. I ran Malwarebytes prior to my Adware scan but it found nothing, however my PC is running slow, and programs (including Mbam and MS Security Essentials) are slow to open and slow to load. Oftentimes MS Security Essentials doesn't turn on autoprotect at all. FRST.txt Addition.txt
  16. LG Optimus L90 Android Malwarebytes Mobile detects a program called: Task Manager, version 4.41.1, com.lge.lmk. App Info indicates: This may cost you money, reroute outgoing calls, etc. I cannot find adequate information about what this app is. Since an update installed that and Quick Translator, many app install dates appear as year 1970. Is my phone infected? Thanks.
  17. Hello, I know that many people are having problems after downloading Malwarebytes Anti-Exploit on Windows 10 computers. You will try to run the program and it will give you an error message. If you're savvy enough to go into task manager, the process will be there but nothing will happen. This error could be due to a corrupt file when downloading the program, it could be due to an antivirus conflict, or it may have been due to encrypting the hard drive with BitLocker or TrueCrypt. Here is how to fix this: Go to your command prompt. (Windows key, type 'cmd', Ctrl + Shift + Enter) - or right click on 'command prompt' and select 'run as administrator'. Type in 'cd' and then the location of the Malwarebytes file (it's usually under program files). For example: cd c:\program files (x86)\malwarebytes anti-exploit\ Type 'mbae-svc -install' after the extension. For example: c:\program files (x86)\malwarebytes anti-exploit\mbae-svc -install This should start working immediately. I was frustrated that a program I paid for was not working so I took a few minutes to play around with it. You're Welcome. -Lando.
  18. Additionally, a Malwarebytes scan returned >71,000 threats yet the program was unresponsive when I tried to remove all threats. Help?! Addition.txt FRST.txt THREATS.txt
  19. Hello, I'm trying to speed up my old PC by closing as many programs as I can in task manager to maximize available CPU for a 3-D modeling program that is a real hog. As it stands it barely works, I get frequent low memory warnings and it crashes frequently. Can anybody tell me which entries in Task Manager MUST be kept open to ensure full functionality of Malwarebytes? I'm sorry, but I'm not very tech savvy and it's all gobbledygook to me. It would help if the names in the Task Manager list were the same as the names of the programs in question, but often they're not. I'm running Malwarebytes Anti-malware premium Thanks! PS I'm still using Windows XP. Yeah, I'd like to upgrade, but can't afford it.
  20. I have done some digging and have found that this is either a trojan, something connected with Avast, Win7 or an infected MW Pro. I don't use and have never installed Avast. My OS is Win XP Home 2003 SP/3. MW has not failed to scan, update or block a virus or malware so I don't think that's it. I did notice that when that popped up in task manager that MW PRO started again with "malicious website blocking disabled" again but once I do a manual update, it goes back to normal. So what is unsecapp.exe? I have been having issues with videos playing on FB and Yahoo so I have set Flash to "ask to activate" when I want to see a vid. Ran debugger on plug-in container and is ok but after that unsecapp.exe appears again in task manager. Since that has been in the task manager, every time I run MW PRO, it seems to take forever to finish: averaging 1h 30m on full scan. Is this a type of virus or threat or something that is building in my system waiting to crash it?
  22. Hello - I've just signed up to get help with same problem that was in earlier post that's been resolved and locked: "csrss.exe winlogin.exe. No description no username, started by cactusjack73, Dec 15 2013". The symptoms are the same, both of these show under "processes" tab of task manager without username or description. Right-click options of "Open file location" and "Properties" do not work. Attached is a screenshot of task manager and my system specs. Additionally, the internal hard drive is SAMSUNG SSD PM830 mSATA 128GB ATA Device, AHCI enabled and I have 2 Seagate Free Agent USB HDDs - 640GB and 1 TB that I've been using with my old laptop running XP and could be sources of possible malware, although I have scanned both drives with MalwareBytes Anti-Malware free version with 1 PUP detected (FreeFileSync program - no toolbars were installed - log is also attached). I'm still new in using Windows 7 and haven't finished installing all the core programs / printers I use. I'd appreciate getting some timely help before continuing with the program installation and migrating my data to the internal SSD in between a full class schedule! ---dpwoodpecker 20140618 mbam log.txt
  23. Hello, I have been unable to stop the bleeding my pc has. Having a number of issues that are not detected by ANY tools and/or anti virus/malware programs. Today I got the Win32/bundle,toolbar while updating CCleaner and its now time to let somebody more educated in this area take the wheel. Here are the requested logs:
2/24/2014 6:01:42 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 2/24/2014 6:01:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 2/24/2014 6:01:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 2/24/2014 6:01:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/24/2014 6:01:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 2/24/2014 6:01:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eamonm ehdrv ESProtectionDriver spldr truecrypt VBoxDrv VBoxUSBMon Wanarpv6 2/24/2014 2:38:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service. 2/22/2014 2:28:48 PM, Error: Service Control Manager [7030] - The Online Backup Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 2/21/2014 4:04:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service. 
2/21/2014 2:42:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 2/20/2014 9:26:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 2/20/2014 5:58:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service. 2/20/2014 12:24:40 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started. 2/20/2014 11:35:29 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{B3917305-A200-44C0-9D84-D55943D066B9} because another computer on the network has the same name. The server could not start. 2/19/2014 7:31:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service. . ==== End Of File =========================== Thanks in advance for ANY and ALL help. It is greatly appreciated. Timelord
  24. In safe mode, csrss.exe and winlogon look normal. However, when the Win 7 64-bit PC is booted into normal mode, there is no description for either and no username. I also cannot find the file location of either process. I have run Malwarebytes in normal mode as well as Kaspersky 6 and have not found a virus. Still suspicious, though?
  25. Last week I ran Malwarebytes. It informed me that it found one item and that it needed to reboot to remove it. After rebooting, my system loaded a mysterious taskbar button. (I uploaded it as an attachment to this post.) It looks like a square with text and a balloon with a question mark in front. I have looked in Task Manager and no program is listed as running. I have looked at the processes running, but it is hard to know what process it may be. Any help would be appreciated. Running Windows XP. Thanks. malwarebytes.bmp
