Kevin Zoll

Hyadn, Yes, that appears to belong to the Intel chipset update service. Good to hear that updating the chipset resolved the issue.

Do not reply to the notification emails you receive when a reply has been made to your support thread, they are informational only. Attach your logs to your reply to this post.

I have sent you a private message. I will handle this via our forum PM system.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-3829397764-3741061613-3343187736-1001\...\Run: [Power2GoExpress8] => [X] GroupPolicy: Restriction <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION SearchScopes: HKU\S-1-5-21-3829397764-3741061613-3343187736-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] C:\Users\Public\VOIP.dat 2013-06-04 11:30 - 2013-06-04 11:30 - 0050432 ____R () C:\Users\Liz\AppData\Local\Temp\Extract.exe 2016-04-30 13:49 - 2014-03-13 15:06 - 6730304 _____ (Foxit Corporation) C:\Users\Liz\AppData\Local\Temp\Foxit PhantomPDF Updater.exe 2016-06-23 08:13 - 2014-03-13 15:06 - 6730304 _____ (Foxit Corporation) C:\Users\Liz\AppData\Local\Temp\FoxitUpdater.exe 2016-07-21 07:33 - 2016-09-29 07:47 - 0621088 _____ (HP Inc.) C:\Users\Liz\AppData\Local\Temp\HPSFUpdater.exe 2016-04-20 09:05 - 2012-09-27 10:15 - 0865424 ____N (CANON INC.) C:\Users\Liz\AppData\Local\Temp\MSETUP4.EXE 2017-06-18 02:53 - 2017-06-18 07:42 - 0004608 _____ () C:\Users\Liz\AppData\Local\Temp\ndrljcaq.dll 2010-03-19 16:02 - 2010-03-19 16:02 - 0149352 ____R (Microsoft Corporation) C:\Users\Liz\AppData\Local\Temp\ose00000.exe 2016-06-29 09:25 - 2016-06-29 09:25 - 5642904 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP68290.exe 2016-06-29 08:20 - 2016-06-29 08:20 - 18377448 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP68953.exe 2016-06-09 09:31 - 2016-06-09 09:31 - 176630696 _____ (Hewlett-Packard ) C:\Users\Liz\AppData\Local\Temp\SP71606.exe 2016-05-31 02:34 - 2016-05-31 02:34 - 33564736 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP71839.exe 2016-04-29 14:43 - 2016-04-29 14:43 - 3334328 _____ (Hewlett Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP71864.exe 2016-05-18 09:51 - 2016-05-18 09:51 - 35370936 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP72498.exe 2016-05-12 13:06 - 2016-05-12 13:06 - 58229368 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP72904.exe 2016-03-18 02:31 - 2016-03-18 02:31 - 61384032 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP73250.exe 2016-06-22 08:39 - 2016-06-22 08:39 - 25529576 _____ (Hewlett-Packard ) C:\Users\Liz\AppData\Local\Temp\SP73263.exe 2016-04-29 08:48 - 2016-04-29 08:48 - 46334760 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP73297.exe 2016-03-04 04:27 - 2016-03-04 04:27 - 101757112 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP74040.exe 2016-06-20 12:13 - 2016-06-20 12:13 - 303430096 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP74094.exe 2016-06-30 05:04 - 2016-06-30 05:04 - 11988328 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP74481.exe 2016-07-01 02:49 - 2016-07-01 02:49 - 154644976 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP74933.exe 2016-06-30 19:43 - 2016-06-30 19:43 - 18819600 _____ (HP Company ) C:\Users\Liz\AppData\Local\Temp\SP75104.exe 2016-07-07 02:53 - 2016-07-07 02:53 - 291201128 _____ (Hewlett-Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP75144.exe 2016-06-29 21:43 - 2016-06-29 21:43 - 3330016 _____ (Hewlett Packard Company ) C:\Users\Liz\AppData\Local\Temp\SP75561.exe 2016-09-20 04:48 - 2016-09-20 04:48 - 127938016 _____ (HP Inc ) C:\Users\Liz\AppData\Local\Temp\SP77117.exe 2016-10-18 14:41 - 2016-10-18 14:41 - 43462984 _____ (HP Inc. ) C:\Users\Liz\AppData\Local\Temp\sphpsa.exe 2016-04-20 09:06 - 2012-07-27 08:22 - 0353944 _____ (CANON INC.) C:\Users\Liz\AppData\Local\Temp\uninstall.exe 2016-10-20 13:09 - 2016-08-23 08:30 - 0167456 _____ (HP Inc.) C:\Users\Liz\AppData\Local\Temp\UninstallHPSA.exe ContextMenuHandlers02: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File ContextMenuHandlers03: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers06: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.

Let's take a fresh look. Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply. Be sure to let me know how things are running.

Hello, I have sent you a private message. I will handle this request via the forum PM system.

Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Hello, Copy the below code to Notepad; Save As fixlist.txt to your Desktop. 2015-11-19 14:14 - 2015-11-19 14:14 - 0000000 _____ () C:\Users\Joann\AppData\Local\Driver_LOM_8161Present.flag 2016-07-06 20:47 - 2016-07-06 20:47 - 0198656 _____ () C:\ProgramData\pollev_xp_util.exe C:\ProgramData\pollev_xp_util.exe ContextMenuHandlers02: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File ContextMenuHandlers03: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File ContextMenuHandlers06: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.

Hello gimnicher, Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you with fixing your problems. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hours of the posting, but be aware that if you post anytime in the late afternoon or evening on Friday, or anytime on Saturday or Sunday, you will not receive an answer until Monday. Also, be aware that our support technicians may not be in the same time zone as you, therefore there could be several hours difference between when you post and the technician working your support case is available. Take note of some guidelines for this support request: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean." We do not want to clean you part-way, only to have the system re-infect itself. Do not start a new topic. The logs that you post should be attached to the reply. Set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Download to your Desktop: - Emsisoft Emergency Kit - Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system, if you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download the tools from the infected system, the tools can be saved to and run from a USB flash drive. All scans are to be run in Normal Mode. Do not run anything in "Safe Mode," unless you are instructed to do so by the Malware Removal Specialist handling your case. Do not force Safe Mode. Instructions on How to Boot to "Safe Mode" can be found at: [url=http://www.malwareteks.com/kb/SafeMode.php]http://www.malwarete...kb/SafeMode.php[/url] Let's get started: Install and Run Emsisoft Emergency Kit (EEK): Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit Scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted. Save the scan log somewhere that you can find it. Exit Emsisoft Emergency Kit. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. Press Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt Create a new topic in our Help, my PC is infected! forum and attach the following logs to your post: Emsisoft Emergency Kit log (C:\EEK\Reports\) FRST.txt Addition.txt (NOTE: if you need to attach the logs to a reply to an existing topic, then you will need to use the More Reply Options button to the lower-right of where you type in your reply in order to see the controls for attaching files) The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

If you are having problems, it is time to do the final steps. Now to remove most of the tools that we have used in fixing your machine: Download Delfix from here and save it to your desktop. Ensure Remove disinfection tools is checked. Also place a check mark next to: Create registry backup Purge system restore Click the Run button. When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad. Empty the Recycle Bin Download to your Desktop: - CCleaner Portable UnZip CCleaner Portable to a folder on your Desktop named CCleaner Run CCleaner Open the CCleaner Folder on your Desktop and double-click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit) Click "Options" and choose "Advanced" Uncheck "Only delete files in Windows Temp folders older than 24 hours" Then go back to "Cleaner" and click the "RunCleaner" button. Exit CCleaner. You can delete and uninstall any programs I had you download, that you do not wish to keep on the system. To Remove EEK simple delete the EEK for in the of your System Drive, normally C:\EEK Run Windows Update and update your Windows Operating System. Articles to Read: How to Protect Your Computer From Malware How to keep you and your Windows PC happy Web, email, chat, password and kids safety How Did I Get Infected? That should take care of everything. Safe Surfing!

Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Bob, Use Chrome and let me know if it still has the same issue. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. 2017-06-28 18:55 - 2017-06-28 18:55 - 00002308 _____ C:\WINDOWS\System32\Tasks\{1E787D12-4BFB-4018-9726-C808F4345D95} Task: {36011272-B041-4322-8AC5-D5C00B8120D7} - \{07E5224B-CAD3-4D63-982E-BA257EDBAD3B} -> No File <==== ATTENTION Task: {6ED129CA-CD1F-4BD8-935A-E52EF77D0808} - \{6C21084B-9BA1-4E5A-95F1-ADC15E36427E} -> No File <==== ATTENTION Task: {CF544F60-9C7D-4EB1-9385-84C23610F9FD} - \{7739370D-92EE-4F4C-82E9-2D43857DCF84} -> No File <==== ATTENTION Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.

Thread Closed Reason: Receiving help via the PM System PM either Kevin, Elise, or Arthur to have this thread reopened.

AdwCleaner and JRT did not find much. Changing tools. Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop. • Double-click on setup.exe to install RogueKiller. Close all programs and disconnect any USB or external drives before running the tool. • Right-click RogueKiller.exe and select Run As Administrator to run the tool. • Once the Prescan has finished, click Scan. • Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.