Teralax Posted August 18, 2017 ID:1154940 Share Posted August 18, 2017 I have a system that I have scanned with Malwarebytes to remove some things but the system is still running slow with svchost using a very high % of cpu. Attached are the FRST, Addition, and malwarebytes logs. Addition.txtmalwarebytes.txtFRST.txt Link to post Share on other sites More sharing options...
Valinorum Posted August 18, 2017 ID:1154981 Share Posted August 18, 2017 Hi, My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s): Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance. Please do not install any new software while we are working on this system as it may hinder our process. Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean. Please do not try to fix anything without being asked. Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise. Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread. Back up your data. I will not knowingly suggest you any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system. If you are confused about any instruction, stop and ask. Do not keep on going. Do not repeat the steps if you face any problems. I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed. Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication. The fixes are for your system only. Please refrain from using these fixes on another system as it may do serious damage. Step #1 Fix with AdwCleanerDownload AdwCleaner to your Desktop from the following link.Download Link Right-click on AdwCleaner.exe and choose Run as administrator; Click on Tools>Option and put a tick mark as shown in the image below; Click on Scan and let the program run unhindered; When done, click on Clean and allow the system to reboot after it is done; A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number; Copy and Paste the contents of this log in your reply. Step #2 ESET Online Scanner Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information. Download esetsmartinstaller_enu.exe by clicking here. Right-click on the program and choose Run as administrator. Accept their terms and condition and proceed. Install Add-On/Active X if prompted. From the Computer Scan Setting check the following box --Enable detection for potentially unwanted programs Click on Advanced Setting -- Check the box beside Remove Found Threats; Check the box beside Scan archives Check the box beside Scan for potentially unsafe applications Check the box beside Enable Anti-Stealth Technology Click on Start and wait for the virus signature database to update. The online scan will begin automatically and can take several hours. Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall. After the Scan finishes -- If no threats were found:Put a checkmark in Uninstall application on close. Close the program and report that nothing was found If threats were found:Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit). Copy and Paste contents of the log file in your next reply. Note: Enable your security programs afterwards. Link to post Share on other sites More sharing options...
Teralax Posted August 18, 2017 Author ID:1155003 Share Posted August 18, 2017 ADWcleaner log. The other scan is still running right now and I will post that later. # AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 18 19:07:31 2017 # Updated on 2017/05/08 by Malwarebytes # Running on Windows 7 Home Premium (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: BeFrugal.com Service ***** [ Folders ] ***** Deleted: C:\Users\mzlindaniles\AppData\LocalLow\HPAppData Deleted: C:\Users\mzlindaniles\AppData\Roaming\iWin Deleted: C:\Users\mzlindaniles\AppData\LocalLow\Toolbar4 Deleted: C:\Users\mzlindaniles\AppData\Roaming\Yahoo!\Companion Deleted: C:\ProgramData\apn Deleted: C:\ProgramData\Application Data\apn Deleted: C:\Users\All Users\apn Deleted: C:\Users\mzlindaniles\AppData\LocalLow\Inbox Toolbar Deleted: C:\Program Files (x86)\Crawler Deleted: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 Deleted: C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log Deleted: C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} Deleted: C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log Deleted: C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log Deleted: C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log Deleted: C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log Deleted: C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} Deleted: C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log Deleted: C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Deleted: C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Deleted: C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log ***** [ Files ] ***** Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Deleted: C:\Users\All Users\Desktop\eBay.lnk Deleted: C:\Users\Public\Desktop\eBay.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2335A057-CBA6-40F6-A712-C6A7C98F7813} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Image File Execution Options%s keys deleted ::Prefetch files deleted ::Proxy settings cleared ::TCP/IP settings cleared ::Firewall rules cleared ::IPSec settings cleared ::BITS queue cleared ::IE policies deleted ::Chrome policies deleted ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [4371 B] - [2017/8/18 19:5:11] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## Link to post Share on other sites More sharing options...
Teralax Posted August 19, 2017 Author ID:1155164 Share Posted August 19, 2017 ESET ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=9284d11b8387234198d2394b47004d5a # end=init # utc_time=2017-08-18 07:18:06 # local_time=2017-08-18 02:18:06 (-0600, Central Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 34446 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=9284d11b8387234198d2394b47004d5a # end=updated # utc_time=2017-08-18 07:23:33 # local_time=2017-08-18 02:23:33 (-0600, Central Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=9284d11b8387234198d2394b47004d5a # engine=34446 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2017-08-19 04:58:56 # local_time=2017-08-18 11:58:56 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton Security *' # compatibility_mode=3603 16777213 100 86 774782 2965560 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 66 85 128520110 254662186 0 0 # scanned=419494 # found=5 # cleaned=5 # scan_time=34522 sh=325E731D317FB0D81FE28FD4545062D09C7589E3 ft=1 fh=60deeae98ff4a745 vn="a variant of Win32/AdInstaller potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\mzlindaniles\Documents\Dictionary\DictionaryBoss.exe" sh=3B6118F8F80E489613A7DA50479B702DEBB39804 ft=1 fh=778c92552a6808c4 vn="a variant of Win32/Adware.Coupons.AA application (cleaned by deleting)" ac=C fn="C:\Users\mzlindaniles\Downloads\CouponPrinter.exe" sh=5824B8D927C533484F6499CF201F9AFFE8F21E1F ft=1 fh=1d005e947f2a5474 vn="a variant of Win32/Adware.Coupons.AA application (cleaned by deleting)" ac=C fn="C:\Users\mzlindaniles\Downloads\CouponPrinterCPS.exe" sh=EA0EE3C9B4FB6B2B00B0074C1F5303291FF081B9 ft=1 fh=e40dd9938df1a373 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Windows\Installer\MSI48B4.tmp" sh=D65FE023EE548A502ECD63616B9C3FDE31214469 ft=1 fh=15c731add8118119 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Windows\Installer\MSIDE97.tmp" Link to post Share on other sites More sharing options...
Valinorum Posted August 21, 2017 ID:1155536 Share Posted August 21, 2017 How is your PC performing? Link to post Share on other sites More sharing options...
Teralax Posted August 21, 2017 Author ID:1155561 Share Posted August 21, 2017 Still running slow with the svchost process using lots of cpu. Link to post Share on other sites More sharing options...
Teralax Posted August 23, 2017 Author ID:1156436 Share Posted August 23, 2017 Any other suggestions? Any other reports needed? Link to post Share on other sites More sharing options...
Valinorum Posted August 25, 2017 ID:1156861 Share Posted August 25, 2017 Please, give me a fresh set of FRST scan logs. Multiple svchost is normal. I want to make sure that nothing out-of-the-ordinary is in your system. Link to post Share on other sites More sharing options...
Teralax Posted August 26, 2017 Author ID:1157172 Share Posted August 26, 2017 It's not that it had multiple svchost. It was using > 90% of the cpu. I was able to update the Windows update agent, and then ran the readiness tool which took all night but it repaired a lot of stuff. Windows Updates then ran and now cpu is sitting at 1% usage when idle. I think we might be clean. Here are the logs. Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Valinorum Posted August 28, 2017 ID:1157806 Share Posted August 28, 2017 If you are not facing any issue, I will mark the thread as solved. Link to post Share on other sites More sharing options...
Teralax Posted August 28, 2017 Author ID:1157884 Share Posted August 28, 2017 Sounds good. I wasn't sure if I could do that. Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 29, 2017 Root Admin ID:1158101 Share Posted August 29, 2017 Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts