Service Host: Network List Service...Virus?

Status
Not open for further replies.

Fedbad

New Member
Thread author
Dec 28, 2022
5
Dell 7390 running exclusively on cellular internet connection. After recent Windows update...
1. Abnormal delay in online connection(3 minutes). Then once connected, it disconnects and does the(3 minute) reconnection again. During this connection process, excessive CPU usage by Service Host: Network List Service(25%+).Then SVC Host goes to zero and everything runs fine.
2. Prior to update, Has had excessive CPU usage by (Service Host: Network List Service(25%+).

Is this a virus?
How can I remove it if so?
How vulnerable to intrusions am I on a cellular connection vs. wi-fi/other?
Best solution to avoid this in the future if I am infected?
I'm pretty low-tech so please speak slowly.

Malwarebytes and FRST reports below:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2022
Ran by ME (28-12-2022 15:34:37)
Running from C:\Users\ME\Downloads
Microsoft Windows 10 Pro Version 20H2 19042.2364 (X64) (2022-12-25 01:27:02)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2262027460-4188214812-502377229-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2262027460-4188214812-502377229-503 - Limited - Disabled)
Guest (S-1-5-21-2262027460-4188214812-502377229-501 - Limited - Disabled)
ME (S-1-5-21-2262027460-4188214812-502377229-1001 - Administrator - Enabled) => C:\Users\ME
WDAGUtilityAccount (S-1-5-21-2262027460-4188214812-502377229-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Panda Dome (Enabled - Up to date) {8EE5B6CC-D555-4755-164C-336E561DE601}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 108.1.46.144 - Brave Software Inc)
Dell SupportAssist (HKLM\...\{B5DCDCBD-BBB3-4A09-A496-E2FB05EC56CE}) (Version: 3.13.0.236 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{5B678BC6-D551-458B-893D-B442B21ECD21}) (Version: 5.5.4.16189 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{dc44ee3f-d6c1-444d-a660-b0f1ac90b51d}) (Version: 5.5.4.16189 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.216 - ALPSALPINE CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 108.0.5359.125 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{7659273F-0EB6-4ECB-BC7D-5889F3FD3075}) (Version: 1.0.562 - LogMeIn, Inc.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2235.3.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{6AD1E885-36E0-4156-8492-8F97C1692259}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A2A7C3E9-E78A-4890-BE66-F41B69932FDB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{FDE727F2-B48C-4A79-B9BD-635AE948D7A2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.65.245.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.65.245.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{1be68cd9-7dbd-4481-816f-a0a7ec6359bd}) (Version: 1.65.245.0 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{d7ef8d9d-bcfe-4b24-9d00-dcd597e0fae2}) (Version: 22.130.0.5 - Intel Corporation) Hidden
LibreOffice 7.2.4.1 (HKLM\...\{BB7C5E72-36E2-4455-96F7-2DC1D9586AF4}) (Version: 7.2.4.1 - The Document Foundation)
Malwarebytes version 4.5.19.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.19.229 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.9 (x64) (HKLM\...\{C30ABA3F-32C0-43D1-B3B8-9AEFD58A15D9}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.9 (x64) (HKLM\...\{FD10B803-97FD-4867-9753-8784BC35D2F8}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.9 (x64) (HKLM\...\{0B4F742D-2D47-4E95-B756-402822D31C48}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.9 (x64) (HKLM-x32\...\{67950e91-8f8f-4d75-9252-7cca68ccdacc}) (Version: 6.0.9.31619 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2262027460-4188214812-502377229-1001\...\OneDriveSetup.exe) (Version: 22.238.1114.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{0F36B110-DAAC-4A9E-9A33-8B3764FD11F1}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{1A249250-9DE9-4D51-8E28-528586D5C205}) (Version: 12.0.0.0 - Intel Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{5394BFC2-EA73-4BD5-83DC-9CE8A816546B}) (Version: 11.56.10 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 21.01.00.0000 - Panda Security)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Sierra Wireless Dell Mobile Broadband Driver Package (HKLM\...\SWIDellDrvInstaller) (Version: 7.54.4799.0502 - Sierra Wireless, Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2022-12-24] (Microsoft Corporation)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.13.5.0_x64__htrsf667h5kn2 [2022-12-24] (Dell Inc)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4232.0_x64__8j3eq9eme6ctt [2022-12-24] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-12-24] (INTEL CORP)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2022-12-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2022-12-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2022-12-24] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2022-12-24] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2022-12-24] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0 [2021-02-24] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2262027460-4188214812-502377229-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-12-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-12-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-12-24 14:27 - 2022-12-24 14:28 - 041845248 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4232.0_x64__8j3eq9eme6ctt\IGCC.dll
2018-03-08 06:18 - 2018-03-08 06:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2020-11-11 19:57 - 2020-11-11 19:57 - 000537088 _____ (NHibernate.info) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll
2018-02-06 16:25 - 2018-02-06 16:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 11:10 - 2018-03-23 11:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 03:19 - 2021-02-17 03:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 04:45 - 2021-12-17 04:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2016-12-18 07:55 - 2016-12-18 07:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.52\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.52\BHO\ie_to_edge_bho.dll => No File
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 20:49 - 2019-03-18 20:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2262027460-4188214812-502377229-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.177.0.34 - 10.177.0.210
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-2262027460-4188214812-502377229-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2262027460-4188214812-502377229-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2262027460-4188214812-502377229-1001\...\StartupApproved\Run: => "Opera Stable"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{09445BE5-5833-4367-8034-DE49915A9B6B}] => (Allow) C:\Users\ME\AppData\Local\Programs\Opera\94.0.4606.38\opera.exe => No File
FirewallRules: [{2E5FFA23-2BE3-4C40-BBCA-9BA7BA2587DB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9804164-D714-438A-B2EE-DDF551A8100B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D1D9DD9F-4678-4817-AAA8-206A18FA324E}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{9701CCB6-B9A0-436A-BE8E-5A3BA686F23F}] => (Allow) C:\Users\ME\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{8EFFEF29-FACC-421D-B8E5-D6451A0D03D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C88DF782-6841-4666-9D5C-62D0F42B4931}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5EDAFE0-193A-4DCB-AEFB-7E3003AB9C7E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A6F8427F-DF14-436A-A138-57392C0BC2D9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DD9BA52A-5D29-4A16-BBF8-C5D5EE11C4DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{552C99B6-7E09-44FF-AE62-724970041897}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{455711BA-C5D4-4499-81B5-3EE6DA7C9B0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F6F8B539-A241-40FA-8FB3-710639A62C34}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
28-12-2022 13:35:02 Intel(R) Trusted Connect Services Client
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/28/2022 03:30:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 23.12.2022.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 27f0
Start Time: 01d91b13a37b2744
Termination Time: 3
Application Path: C:\Users\ME\Downloads\FRST64.exe
Report Id: ee295efa-395c-4e93-8413-a8909ad10f4f
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (12/28/2022 01:45:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.1949 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1658
Start Time: 01d91b05480f5c21
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: f8fb3efa-a0b0-434b-b6a6-195f08e1f362
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Cross-process
Error: (12/27/2022 11:00:40 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (12/27/2022 10:30:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.2364 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2658
Start Time: 01d91a852fa659d6
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 8d3106a7-9215-4f88-b7f1-6db57b4612fe
Faulting package full name: Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Cross-thread
Error: (12/27/2022 10:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.1949 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3a14
Start Time: 01d91a850cd04f78
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id:
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Navigation
Error: (12/27/2022 10:24:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.1949 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2908
Start Time: 01d91a83d6735cea
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: 1e71ed66-0f67-4de6-879b-e0960958b3c3
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Cross-process
Error: (12/27/2022 10:17:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.2364 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 10f8
Start Time: 01d91a836b7d6c04
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 07d97ce9-2d3b-45bb-8802-64eb91d359f4
Faulting package full name: Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Cross-thread
Error: (12/27/2022 10:14:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.1949 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 32bc
Start Time: 01d91a834f735834
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id:
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Navigation
System errors:
=============
Error: (12/28/2022 02:38:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MessagingService_3330d service terminated with the following error:
The device is not ready.
Error: (12/28/2022 01:44:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6LPKAGC)
Description: The server microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (12/28/2022 01:42:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.
Error: (12/28/2022 01:41:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MessagingService_3330d service terminated with the following error:
The service has not been started.
Error: (12/27/2022 10:16:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
Error: (12/27/2022 10:14:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-6LPKAGC)
Description: The server microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (12/27/2022 10:12:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.
Error: (12/27/2022 10:11:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MessagingService_355ed service terminated with the following error:
The service has not been started.
Windows Defender:
================
Date: 2022-12-24 17:38:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-12-28 15:17:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. 1.30.0 11/20/2022
Motherboard: Dell Inc. 09386V
Processor: Intel(R) Core(TM) i5-8350U CPU @ 1.70GHz
Percentage of memory in use: 77%
Total physical RAM: 8070.34 MB
Available physical RAM: 1855.93 MB
Total Virtual: 27526.34 MB
Available Virtual: 19029.26 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:237.09 GB) (Free:141.72 GB) (Model: SK hynix SC311 SATA 256GB) NTFS
\\?\Volume{8e5883d0-0e36-479b-995a-4b3797b8ca5c}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{b9028a90-70f1-4ebc-b105-dd43370a1d4a}\ () (Fixed) (Total:0.75 GB) (Free:0.08 GB) NTFS
\\?\Volume{f3da0a76-1569-402b-9848-1bb8c7e487bf}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/28/22
Scan Time: 3:16 PM
Log File: 97d7e5fc-8705-11ed-9ce2-c8f75015a0b3.json

-Software Information-
Version: 4.5.19.229
Components Version: 1.0.1860
Update Package Version: 1.0.63957
License: Trial

-System Information-
OS: Windows 10 (Build 19042.2364)
CPU: x64
File System: NTFS
User: DESKTOP-6LPKAGC\ME

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 265963
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Attachments

  • FRST.txt
    44.1 KB · Views: 12
  • Malware scan 12-2822.txt
    1.2 KB · Views: 13
  • Like
Reactions: vtqhtr413

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,505
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Now:

1 - Clean the Windows Defender Quarantine folder.

Comment: Delete/Restore quarantined files.

How to: Delete/Restore quarantined files.

Follow the directives on the page to delete all the files in the quarantine folder.

Restart the computer when done.
<<<>>>

Please post the Fixlog.txt.

Let me know what problem persists.
 

Attachments

  • Fixlist.txt
    2.9 KB · Views: 16

Fedbad

New Member
Thread author
Dec 28, 2022
5
Yes. Thanks for checking in. I responded to your last message by email instead of the forum here...oops. Still having the problem and was not able to execute your Defender delete/repair process. Malwarebytes has defended a trojan attempt on 12/30/22. No other trojan log since but Network Host Service issue/cpu usage persists. Please Help!
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,505
Hi,

It's been awhile so please run a scan with the Farbar program and attach both the FRST.TXT and Additional.txt logs for an other review.
 

Fedbad

New Member
Thread author
Dec 28, 2022
5
OK...that same trojan that attempted access on 12/30/22, tried again yesterday. Malwarebytes stopped it.
Here you are:
Thank you
 

Attachments

  • FRST.txt
    45.3 KB · Views: 8
  • Addition.txt
    25.5 KB · Views: 8

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,505
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt this time so I can see what was removed.

Let me know what problem persists.

p.s.

If the problem persists and Chrome is Synced with other Devices reset it.



Execute the suggested fix.

Restart the computer normally.

Do not enable it able it if the problem returns. Wait for me to see the Fxlog.txt
===========
 

Attachments

  • Fixlist.txt
    1.2 KB · Views: 9
Last edited:

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,505
Hi,

Sorry for this long delay. Do you still need help.?
 

Fedbad

New Member
Thread author
Dec 28, 2022
5
Thanks for checking in. I think I owed you a response to your last message. We had a bout of illness run through the house. Yes, I still need help. I'll work on performing your last suggested scan and post the report here in the next couple days. Thanks very much.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top