DRM

EEK FRST Scan Reports following System Lockups


My HP Pavilion dv7-7135us has been freezing up lately with no warning and no visible symptoms other than I return to it after a few hours and find it frozen.  The only remedy is to power down.

EEK and FRST files are attached.

 

I tried to scrupulously follow the instructions. EEK did not display the same choices as the instructions, but I tried to get a clean scan, without changing any parameters after the sw updated itself. 

FRST showed no anomalies on operation.

Addition.txt

FRST.txt

a2scan_190112-100254.txt


DRM,

Please update EEK.  The scan report indicates that no update was conducted.  Therefore the scan results are not reliable.

Once EEK is finished updating, run a Malware Scan.  Attach the new EEK scan report to your reply.


Thank you, Mr. Zoll.

 

Ran it just now.  EEK said it was updated, and I ran the Malware scan, per the instructions.

It did not offer me the chance to make sure PUPs was checked.

Results attached.  It only found one infection, versus 4 or 5 last time.

scan_190112-203042.txt


Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

Start::
HKU\S-1-5-21-1123327017-3724100226-3295280940-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1123327017-3724100226-3295280940-1000\...\MountPoints2: I - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.exe
HKU\S-1-5-21-1123327017-3724100226-3295280940-1000\...\MountPoints2: {5b03cb5c-ae5c-11e4-af8e-c01885cc0f7f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\start.exe
HKU\S-1-5-21-1123327017-3724100226-3295280940-1000\...\MountPoints2: {6ded3725-323e-11e6-bb75-c01885cc0f7f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.exe
HKU\S-1-5-21-1123327017-3724100226-3295280940-1000\...\MountPoints2: {a519621e-3286-11e7-820a-c01885cc0f7f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1123327017-3724100226-3295280940-1000\...\MountPoints2: {ba1faa53-06a5-11e2-be8f-c01885cc0f7f} - G:\HPLauncher.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{0CE7EBAF-157D-4111-9146-057CB2A4023E}] -> msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2017-07-31] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk [2016-08-07]
ShortcutTarget: PGP Tray.lnk -> C:\Windows\Installer\{84D84040-8C77-4B32-A7B6-92F1F88D3B3B}\Icon6560581611.exe ()
2018-12-28 17:26 - 2018-12-28 17:26 - 000003114 _____ C:\Windows\System32\Tasks\{A30A61FF-E252-49D0-8ACA-1D8086150B9E}
2018-12-28 13:45 - 2018-12-28 13:45 - 000003102 _____ C:\Windows\System32\Tasks\{00306B02-D1C4-4B16-B483-BA31EBEAF2F1}
2018-12-28 13:37 - 2018-12-28 13:37 - 000003108 _____ C:\Windows\System32\Tasks\{0491D538-B6FE-4683-B048-F812CDAE3DC4}
2018-09-14 12:40 - 2018-09-14 12:40 - 000000720 _____ () C:\Program Files (x86)\LMIR0B9B8001.tmp.bat
2018-09-14 12:40 - 2018-09-14 12:40 - 000000526 _____ () C:\Program Files (x86)\LMIR0B9B8001.tmp_r.bat
2018-11-24 06:51 - 2018-11-24 06:51 - 000000000 _____ () C:\Users\DRM\AppData\Local\{98587E56-985E-46CF-82B8-DDDF9C6B94E8}
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {09BE4BB7-394F-479E-A3A4-902A4F44F44C} - System32\Tasks\{E9AFDA6E-B3A2-4DDF-8E56-53978467B859} => C:\Windows\system32\pcalua.exe -a "H:\Stash\FolderMatch\FM 350\fm350install.exe" -d "H:\Stash\FolderMatch\FM 350"
Task: {0AEBF5A9-B82C-4374-9EDA-B4E71BF01C3B} - System32\Tasks\{95BF6270-E7DE-4EEE-A27E-31A50C4743EE} => C:\Windows\system32\pcalua.exe -a "G:\Data\Stash\World Watch\DLM.exe" -d "G:\Data\Stash\World Watch"
Task: {1F6C55CC-292A-4548-9823-3B06AC9C02B5} - System32\Tasks\{22EE1DC6-9FFE-4259-9A3C-245D5FBB124B} => C:\Windows\system32\pcalua.exe -a "C:\Users\DRM\Downloads\stamps 10-51.exe" -d C:\Users\DRM\Downloads
Task: {32484615-30DC-431F-91E1-9EB7575E3C71} - System32\Tasks\{4A64DE69-1749-46B0-BD91-C217E5D23405} => C:\Windows\system32\pcalua.exe -a C:\Users\DRM\Downloads\710_b042_multilanguage.exe -d C:\Users\DRM\Downloads
Task: {3A777C95-9614-4E82-9268-6B1725483665} - \MasterSeeker.UACBypass.7008f6f52001de362d701fb79e152fd8 -> No File <==== ATTENTION
Task: {6C432C4A-C706-4EB9-BD8E-27B780C4CAE4} - System32\Tasks\{FA96948C-6F72-4B82-A7E1-BDF4028F1B2C} => C:\Windows\system32\pcalua.exe -a C:\Users\DRM\Downloads\ofw2016(3).exe -d C:\Users\DRM\Downloads
Task: {6F9ECA70-1EF1-45A1-8452-D5A9AC53A462} - System32\Tasks\{4C74F201-EB35-48B7-92C2-DB0BAF85AEB4} => C:\Windows\system32\pcalua.exe -a C:\Users\DRM\Downloads\stamps12.exe -d C:\Users\DRM\Downloads
Task: {71175137-7BCE-4B22-ABF9-6120E20E7576} - System32\Tasks\{F85F9BE1-9785-415C-8761-B4BF5179F5AD} => C:\Windows\system32\pcalua.exe -a C:\Users\DRM\Downloads\FirmwareFlashLauncher.exe -d C:\Users\DRM\Downloads
Task: {7966246B-4E1B-4625-A95C-7D07357F999F} - \UpSafe GMail Backup Task -> No File <==== ATTENTION
Task: {A25E4654-91E0-4D3B-B55D-4290E54594E4} - System32\Tasks\{0491D538-B6FE-4683-B048-F812CDAE3DC4} => C:\Windows\system32\pcalua.exe -a C:\Users\DRM\Downloads\setup(5).exe -d C:\Users\DRM\Downloads
Task: {A4A25CF7-F44E-4104-9A49-0EFAAB5C1CDA} - System32\Tasks\{84209F6C-5701-404B-AC6A-9AC29266811F} => C:\Windows\system32\pcalua.exe -a C:\Users\DRM\Downloads\TransActATSetup(2).exe -d C:\Users\DRM\Downloads
Task: {A9F9A083-ED4C-42DB-B678-2572DDADDEC9} - System32\Tasks\{8ACFB76E-8372-4A37-B213-25C9BCF79787} => C:\Windows\system32\pcalua.exe -a C:\Users\DRM\Downloads\setup.exe -d C:\Users\DRM\Downloads
Task: {AA6F9A77-B5DD-4CF5-B4C3-44D0B7F28DF3} - System32\Tasks\{00306B02-D1C4-4B16-B483-BA31EBEAF2F1} => C:\Windows\system32\pcalua.exe -a C:\Users\DRM\Downloads\setup.exe -d C:\Users\DRM\Downloads
Task: {D625B35E-6DF5-40F7-9D71-CB8455E8212C} - System32\Tasks\{765068BF-9068-4267-8F64-E31E58FAE1EA} => C:\Windows\system32\pcalua.exe -a "C:\Users\DRM\Downloads\PrintEco Setup 3-4-14.exe" -d C:\Users\DRM\Downloads
Task: {F70DED97-2305-4AD0-BCF5-81FE9D049992} - System32\Tasks\{9A95A630-5CE9-4E6D-8F2E-4941A85B0C31} => C:\Windows\system32\pcalua.exe -a C:\Users\DRM\Downloads\stamps.exe -d C:\Users\DRM\Downloads
Task: {F9E72B72-2C00-4386-B664-690AFBA1B28B} - System32\Tasks\{A30A61FF-E252-49D0-8ACA-1D8086150B9E} => C:\Windows\system32\pcalua.exe -a "C:\Users\DRM\Downloads\setup (1).exe" -d C:\Users\DRM\Downloads
AlternateDataStreams: C:\Windows:nlsPreferences [642]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [442]
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81 [248]
AlternateDataStreams: C:\ProgramData\TEMP:B801D4E2 [256]
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3 [242]
End::


Run a fresh scan with FRST, and make sure that Addition.txt is selected.  Attach the new FRST scan reports to your reply.


It froze yesterday, and I rebooted it this morning (I left it frozen overnight), but it seems better today.

Did you find anything that could be related to my freezing problem?


As far as I can tell from looking at the Events log in the Addition.txt, it appears to be your display drivers that are at fault.  Update the drivers for your graphics card.


Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.
