Acer Laptop PC slow

This is a discussion on Acer Laptop PC slow within the Resolved HJT Threads forums, part of the Tech Support Forum category.
Old 07-02-2017, 02:01 PM   #1
jackson_gp7 (Registered Member)
Join Date: Feb 2008
Location: Melbourne, Australia
Posts: 106
OS: Windows 10 Home x64



Hi,
The problem is that my Acer PC laptop has got very slow over the last few weeks.

- The issue started mainly with MS Word which was shutting down several times with message: 'there was a problem sending the command to the program'
- in the last 2 weeks this message has not appeared, but I still find MS Word is the slowest program.
- I only use less than 25% of the hard drive capacity.
- Live Updater with 1 software update has not been able to install for more than 1 year, keeps failing - the update is Intel VGA Driver
- I use CCleaner to clean files and registry
- I recently started using Speed It Up Free, but not much difference.
- 90-95% of my personal data is stored on an external hard drive.

I look forward to your guidance.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.31.2
Run by gpuri at 22:13:25 on 2017-06-29
Microsoft Windows 10 Home 10.0.14393.0.1252.61.1033.18.1861.784 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\ChgService.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\RfBtnSvc64.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\WINDOWS\system32\igfxext.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files (x86)\Wallpaper Master\Wallpaper Master Pro.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\RadioController\RfBtnHelper.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer13.msn.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [Spotify Web Helper] "C:\Users\gpuri\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\gpuri\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Wallpaper Master] C:\Program Files (x86)\Wallpaper Master\Wallpaper Master Pro.exe
uRun: [SpeedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
mRun: [LManager] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ACERBA~1.LNK - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{149ba74b-163a-42e0-9691-79e8ca0b7425} : DHCPNameServer = 151.236.18.156 8.8.8.8
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\2516B656378602055727962E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\255646D696 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\4456F60224167686 : DHCPNameServer = 192.168.1.251
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\4556C63747271602149627 : DHCPNameServer = 192.168.182.100 192.168.182.200
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\5446765677963756D223 : DHCPNameServer = 10.10.200.9
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\64F6E60275966496 : DHCPNameServer = 192.168.182.100 192.168.182.200
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\84246505C4 : DHCPNameServer = 8.8.8.8 4.2.2.2
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\8507562796160234F583569366 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\E4567745F6C44555 : DHCPNameServer = 131.172.2.2 131.172.4.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = Google
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com*-*This website is for sale!*-*spywareinfo Resources and Information.
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-1-4 645952]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-9 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-10-3 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-30 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 MpKslb3c06ab7;MpKslb3c06ab7;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6031DA-25AF-4FF0-82D9-AE822E1DD25B}\MpKslb3c06ab7.sys [2017-6-28 44928]
R1 mwlPSDFilter;mwlPSDFilter;C:\WINDOWS\System32\drivers\mwlPSDFilter.sys [2012-11-30 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\WINDOWS\System32\drivers\mwlPSDNserv.sys [2012-11-30 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\WINDOWS\System32\drivers\mwlPSDVDisk.sys [2012-11-30 62776]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-4-3 83768]
R2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 Change Modem Device Service;Change Modem Device Service;C:\ProgramData\ChgService.exe [2014-6-10 114688]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-13 350544]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2015-10-16 144072]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-4 165760]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2015-10-14 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-11-3 259136]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-5 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\WINDOWS\System32\drivers\b57xdbd.sys [2012-8-13 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\WINDOWS\System32\drivers\b57xdmp.sys [2012-8-13 21080]
R3 bScsiMSa;bScsiMSa;C:\WINDOWS\System32\drivers\bScsiMSa.sys [2012-6-18 55384]
R3 bScsiSDa;bScsiSDa;C:\WINDOWS\System32\drivers\bScsiSDa.sys [2012-8-14 70744]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-10-23 658064]
R3 ETD;ELAN Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2015-10-16 525512]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2012-11-30 342528]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2016-7-16 446464]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2016-7-16 3343872]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [2013-1-4 26736]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-30 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-17 469648]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-12 174160]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 ggflt;SOMC USB Flash Driver Filter;C:\WINDOWS\System32\drivers\ggflt.sys [2014-9-16 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\WINDOWS\System32\drivers\ggsomc.sys [2014-9-16 30424]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-15 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\WINDOWS\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-13 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-5 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-17 719872]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-17 258560]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-10-3 43520]
.
=============== Created Last 30 ================
.
2017-06-28 13:22:47 -------- d-s---w- C:\WINDOWS\UpdateAssistantV2
2017-06-28 13:18:20 44928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6031DA-25AF-4FF0-82D9-AE822E1DD25B}\MpKslb3c06ab7.sys
2017-06-28 11:11:59 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6031DA-25AF-4FF0-82D9-AE822E1DD25B}\mpengine.dll
2017-06-27 10:02:57 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-06-25 00:39:26 503808 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\Microsoft.Ink.dll
2017-06-25 00:39:18 327168 ----a-w- C:\WINDOWS\SysWow64\netcorehc.dll
2017-06-25 00:39:15 306688 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-06-25 00:39:11 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-06-25 00:39:10 709120 ----a-w- C:\WINDOWS\SysWow64\CPFilters.dll
2017-06-25 00:39:09 1164288 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2017-06-25 00:39:05 773120 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2017-06-25 00:39:05 27136 ----a-w- C:\WINDOWS\SysWow64\fdProxy.dll
2017-06-25 00:39:05 2643968 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-06-25 00:39:05 1988096 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2017-06-25 00:39:01 2997760 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-06-25 00:39:00 780640 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-24 12:16:19 -------- d-----w- C:\Program Files (x86)\Driver Detective
2017-06-24 12:00:50 903680 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2017-06-24 12:00:50 3403264 ----a-w- C:\WINDOWS\System32\tquery.dll
2017-06-24 12:00:49 2538496 ----a-w- C:\WINDOWS\System32\mssrch.dll
2017-06-24 12:00:49 124416 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2017-06-24 11:59:07 503808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll
2017-06-24 11:57:53 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-06-24 11:57:43 117760 ----a-w- C:\WINDOWS\System32\AuthBrokerUI.dll
2017-06-24 11:57:42 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-06-24 11:57:41 932864 ----a-w- C:\WINDOWS\System32\kerberos.dll
2017-06-24 11:57:41 353792 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2017-06-24 11:57:40 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2017-06-24 11:57:38 4744704 ----a-w- C:\WINDOWS\System32\jscript9.dll
2017-06-24 11:57:37 8125440 ----a-w- C:\WINDOWS\System32\Chakra.dll
2017-06-24 11:57:37 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-24 11:57:31 2510848 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2017-06-24 11:56:11 834048 ----a-w- C:\WINDOWS\System32\win32spl.dll
2017-06-24 11:56:11 1131008 ----a-w- C:\WINDOWS\System32\localspl.dll
2017-06-24 11:56:08 456192 ----a-w- C:\WINDOWS\System32\puiobj.dll
2017-06-24 11:56:08 100864 ----a-w- C:\WINDOWS\System32\wpninprc.dll
2017-06-24 11:56:05 7783256 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-24 11:56:04 38752 ----a-w- C:\WINDOWS\System32\OOBEUpdater.exe
2017-06-24 11:54:50 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-06-24 11:54:22 691200 ----a-w- C:\WINDOWS\System32\ieproxy.dll
2017-06-24 11:54:14 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-06-24 11:54:01 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-06-24 11:53:41 351744 ----a-w- C:\WINDOWS\System32\hnetcfg.dll
2017-06-24 11:53:26 255488 ----a-w- C:\WINDOWS\System32\HNetCfgClient.dll
2017-06-24 11:53:23 975872 ----a-w- C:\WINDOWS\HelpPane.exe
2017-06-24 11:53:13 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-24 11:53:12 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
2017-06-24 11:53:12 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-24 11:53:11 1566552 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-06-24 11:51:09 856064 ----a-w- C:\WINDOWS\System32\efscore.dll
2017-06-24 11:51:08 252928 ----a-w- C:\WINDOWS\System32\edputil.dll
2017-06-24 11:51:01 198144 ----a-w- C:\WINDOWS\System32\dpapisrv.dll
2017-06-24 11:50:56 2475520 ----a-w- C:\WINDOWS\System32\DWrite.dll
2017-06-24 11:50:55 1845248 ----a-w- C:\WINDOWS\System32\FntCache.dll
2017-06-24 11:50:26 34648 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-06-24 11:50:25 335712 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-06-24 11:50:13 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-24 11:44:05 886784 ----a-w- C:\WINDOWS\System32\CPFilters.dll
2017-06-24 11:44:05 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-24 11:44:04 96608 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-06-24 11:44:04 629088 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-06-24 11:44:04 1564512 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-06-24 11:44:03 136032 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-06-24 11:43:55 1418240 ----a-w- C:\WINDOWS\System32\certutil.exe
2017-06-24 11:42:59 1112416 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2017-06-24 11:41:02 544096 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-06-24 11:41:02 334176 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-06-24 11:41:02 1214816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-06-24 11:41:00 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2017-06-24 11:41:00 233824 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-06-24 11:40:49 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-24 11:40:49 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-06-24 11:40:40 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-06-24 11:40:40 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-06-24 11:40:16 64512 ----a-w- C:\WINDOWS\System32\fdProxy.dll
2017-06-24 11:39:11 381792 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-06-24 11:39:11 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2017-06-24 11:39:11 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2017-06-24 11:39:10 41472 ----a-w- C:\WINDOWS\System32\drivers\BasicRender.sys
2017-06-24 10:54:29 -------- d-----w- C:\Program Files (x86)\Display
2017-06-24 10:22:16 -------- d-----w- C:\Program Files (x86)\Display Offer
2017-06-24 10:20:42 -------- d---a-w- C:\Program Files (x86)\SpeedItup Free
2017-06-24 10:20:42 -------- d-----w- C:\WINDOWS\SpeedItup Free
2017-06-24 10:04:42 -------- d-----w- C:\Users\gpuri\AppData\Local\The_PC_Optimizer
2017-06-11 08:24:51 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{458C275B-7C3C-4971-960B-D71880500066}\gapaengine.dll
2017-06-03 13:38:58 17404160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
==================== Find3M ====================
.
2017-06-03 10:50:15 192856 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 10:14:25 136024 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2017-06-03 10:11:29 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-06-03 10:11:25 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 1040 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 09:59:40 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-06-03 09:59:25 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-03 09:58:13 340832 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-06-03 09:52:57 1021784 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-06-03 09:51:09 2187104 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 09:51:02 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-06-03 09:50:35 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-03 09:49:28 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-03 09:48:28 857952 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-06-03 09:48:26 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-06-03 09:44:54 1412640 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-06-03 09:44:50 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 09:39:35 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-06-03 09:33:14 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-06-03 09:32:12 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-06-03 09:31:50 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-06-03 09:28:56 232448 ----a-w- C:\WINDOWS\SysWow64\edputil.dll
2017-06-03 09:28:32 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-06-03 09:26:16 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:26:00 100352 ----a-w- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
2017-06-03 09:22:56 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- C:\WINDOWS\SysWow64\tcpipcfg.dll
2017-06-03 09:20:21 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2017-06-03 09:16:30 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-06-03 09:15:41 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-06-03 09:15:38 53248 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2017-06-03 09:15:21 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-06-03 09:14:18 98304 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2017-06-03 09:14:01 238592 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2017-06-03 09:12:28 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2017-06-03 09:10:19 261120 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2017-06-03 09:10:06 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2017-06-03 09:09:57 489472 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2017-06-03 09:09:50 337408 ----a-w- C:\WINDOWS\System32\NetworkBindingEngineMigPlugin.dll
2017-06-03 09:09:13 441344 ----a-w- C:\WINDOWS\System32\netcorehc.dll
2017-06-03 09:08:28 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2017-06-03 09:08:25 1221120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2017-06-03 09:07:55 552960 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2017-06-03 0906 3664384 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-06-03 09:05:25 295424 ----a-w- C:\WINDOWS\SysWow64\hnetcfg.dll
2017-06-03 09:05:10 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2017-06-03 09:04:36 6042624 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2017-06-03 09:04:06 2006528 ----a-w- C:\WINDOWS\SysWow64\DWrite.dll
2017-06-03 08:54:44 1217024 ----a-w- C:\WINDOWS\System32\Windows.Media.Audio.dll
2017-06-03 08:51:36 266752 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2017-06-03 08:50:43 641024 ----a-w- C:\WINDOWS\System32\wbem\NetAdapterCim.dll
2017-06-03 08:49:39 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2017-06-03 08:49:34 1513472 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2017-06-03 08:49:09 3615744 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2017-06-03 08:48:49 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2017-06-03 08:48:34 391168 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2017-06-03 08:40:59 483840 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2017-06-03 06:36:03 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-06-03 06:36:03 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-06-01 11:20:38 565416 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-05-11 09:58:25 73728 ----a-w- C:\WINDOWS\System32\WSManMigrationPlugin.dll
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-04-28 00:44:26 62816 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2017-04-28 00:43:59 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-04-28 00:43:48 1557224 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2017-04-28 00:43:10 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2017-04-28 00:42:53 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-04-28 00:42:44 526176 ----a-w- C:\WINDOWS\System32\wimserv.exe
2017-04-28 00:41:08 361104 ----a-w- C:\WINDOWS\SysWow64\tsmf.dll
2017-04-28 00:39:48 962760 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-04-28 00:39:37 715104 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2017-04-28 00:39:22 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-04-28 00:38:51 557408 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2017-04-28 00:38:51 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-04-28 00:38:44 1852200 ----a-w- C:\WINDOWS\System32\crypt32.dll
2017-04-28 00:38:28 431968 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
.
============= FINISH: 22:17:15.36 ===============
Attached Files
File Type: txt attach.txt (9.8 KB, 9 views)
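The DDS log above is long, and most of it is normal Windows 10 plumbing. Before handing a log like this to a helper (or when reading one yourself), it helps to pull out the handful of lines that actually deserve a second look: programs running from locations a standard user can write to, autorun entries whose target file no longer exists, hosts-file overrides, and anything referencing software the thread already says to remove. The script below is an added example written for this thread; it is not part of the original post and not code from DDS, HJT, AdwCleaner or FRST. The sample log is a constructed excerpt in the shape of the log above, the path heuristics are my own assumptions rather than any vendor's rule set, and the watchlist holds only the SpeedItup Free name from the reply in this thread. A "finding" means "check this", not "this is malware": Spotify in AppData and the Spybot hosts entry are both expected, and the point is that they get looked at rather than scrolled past.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the DDS log in this thread (a few lines,
# lightly trimmed). It lets the script run offline; feed a real log file instead.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe
C:\ProgramData\ChgService.exe
C:\Windows\RfBtnSvc64.exe
C:\Program Files\Elantech\ETDService.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Spotify] "C:\Users\gpuri\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [SpeedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
mRun: [LManager] <no file>
Hosts: 127.0.0.1 spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 Change Modem Device Service;Change Modem Device Service;C:\ProgramData\ChgService.exe [2014-6-10 114688]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
"""

# Names the thread itself tells the user to remove. Assumption: a hand-made
# watchlist for this case, not a vendor PUP database.
WATCHLIST: Tuple[str, ...] = ("speeditup free", "speeditupfree")

# Location heuristics (assumptions, not a rule set from DDS or any vendor):
# executables living where a standard user can write, or loose in the Windows
# root, are the first things to verify. Patterns are matched on lowercased paths.
USER_WRITABLE = [
    (re.compile(r"^[a-z]:\\programdata\\[^\\]+$"),
     "executable directly in the ProgramData root (user-writable)"),
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\"),
     "executable under a user profile's AppData (user-writable)"),
    (re.compile(r"^[a-z]:\\windows\\[^\\]+$"),
     "loose executable in the Windows root (not a normal install location)"),
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\(?:downloads|desktop|documents)\\"),
     "executable under a user's Downloads/Desktop/Documents"),
    (re.compile(r"^[a-z]:\\(?:temp|tmp)\\"),
     "executable under a temp directory"),
]

# A Windows path up to and including an executable-ish extension. The character
# class stops the match before quotes, angle brackets and the "[date size]" tail.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|\[\]]*?\.(?:exe|sys|dll|cpl)\b', re.IGNORECASE)
SECTION = re.compile(r"^=+\s*(.*?)\s*=+$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def classify_path(path: str) -> Optional[str]:
    """Return a reason string if the path sits somewhere worth checking, else None."""
    low = path.lower()
    for pattern, reason in USER_WRITABLE:
        if pattern.search(low):
            return reason
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a DDS-style log and collect the lines a reviewer should read first."""
    findings: List[Finding] = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if "<no file>" in line:
            findings.append(Finding(section, "orphaned autorun entry: target file is missing", line))
            continue
        if line.startswith("Hosts:"):
            findings.append(Finding(section, "hosts-file override: confirm it is intentional", line))
            continue
        for path in WIN_PATH.findall(line):
            low = path.lower()
            if any(name in low for name in WATCHLIST):
                findings.append(Finding(section, "references software the thread says to remove", line))
                break
            reason = classify_path(path)
            if reason:
                findings.append(Finding(section, reason, line))
                break
    return findings


def report(findings: List[Finding]) -> str:
    """Group findings by log section so the result can be pasted into a reply."""
    out: List[str] = []
    current = None
    for f in findings:
        if f.section != current:
            current = f.section
            out.append(f"[{current}]")
        out.append(f"  - {f.reason}\n      {f.line}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample it reports eight lines out of sixteen; on the full log above the same rules would surface C:\ProgramData\ChgService.exe (a service binary sitting in the ProgramData root), C:\Windows\RfBtnSvc64.exe (a service binary loose in the Windows root), the leftover SpeedItup Free process and Run entry, and the orphaned LManager Run entry, while leaving the svchost, driver and Program Files lines alone. Whether a flagged binary is legitimate is then a matter of checking its publisher signature and install source, which the log alone cannot tell you.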
Old 07-04-2017, 09:47 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Not all slowness issues are caused by malware. We'll see what turns up.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Please uninstall the following via Programs and Features (right-click the Windows "logo" button > Programs and Features) if it still exists:

SpeeditupFree << Please read this

Also delete the following Folder if it still exists:

C:\Program Files (x86)\SpeedItup Free

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-08-2017, 03:49 AM   #3
Registered Member
 
 
Join Date: Feb 2008
Location: Melbourne, Australia
Posts: 106
OS: Windows 10 Home x64



Hi,

I posted this about 1 week ago but did not realise that I was not subscribed to get instant notifications. I hope it works this time. Note: the system automatically defaults to daily notification; should the default be 'instant'?
I am re-posting the same post but have added further comments and scan results......


The problem is that my Acer PC laptop has got very slow over the last month or more.

- The issue started mainly with MS Word which was shutting down several times with message: 'there was a problem sending the command to the program'
- in the last 2 weeks this message has not appeared but I still find MS Word is the slowest program.
- I only use less than 25% of the hard drive capacity.
- Live Updater with 1 software update has not been able to install for more than 1 year, keeps failing - the update is Intel VGA Driver
- I use CCleaner to clean files and registry
- I recently started using Speed It Up Free, but not much difference.
- 90-95% of my personal data is stored on an external hard drive.

>>>>>>>>>
I have since:
Uninstalled Speeditupfree
Stopped using CCleaner Registry cleanup
Completed immunisation using Spybot
Completed a system scan using Spybot - why does my Spybot take so long to scan? It starts off showing 600+ minutes to scan, then gradually decreases, but I would estimate it takes about 3 hours - which is not what I expected. Scan attached for your interest. - Is Spybot worthwhile to use, or should I use another alternative on a regular (weekly) basis?
Completed a scan with AdwCleaner and provide the contents of the log below
Attached FRST.txt and Addition.txt
I noticed since the above scans that Torch browser was deleted, since MS Word opens very fast.
I tried Live Updater again but the VGA driver update mentioned above still did not install.
I am curious to know do I need to defrag my hard drive and external hard drive? If so, should I use the free program discussed in your sticky thread which I saw recently?
Regarding my external hard drive I am concerned that it keeps making noises and searching / reading. Most of the time it is fine no major issues but I am concerned one day it will not load and I may lose my back up. I currently back up my external Hard drive on my desktop PC once in 3 months. Do you have any advice on maintenance of external hard drive? It is 1 TB and I have used about 350MB.
Lastly, I use Avira free antivirus on my desktop PC. Is it worth it or useless? Should I have the same or similar antivirus on my Acer laptop which currently does not have any anti-virus software.


I look forward to your further guidance.
Thank you.




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.31.2
Run by gpuri at 22:13:25 on 2017-06-29
Microsoft Windows 10 Home 10.0.14393.0.1252.61.1033.18.1861.784 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\ChgService.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\RfBtnSvc64.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\WINDOWS\system32\igfxext.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files (x86)\Wallpaper Master\Wallpaper Master Pro.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\RadioController\RfBtnHelper.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer13.msn.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [Spotify Web Helper] "C:\Users\gpuri\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\gpuri\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Wallpaper Master] C:\Program Files (x86)\Wallpaper Master\Wallpaper Master Pro.exe
uRun: [SpeedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
mRun: [LManager] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ACERBA~1.LNK - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{149ba74b-163a-42e0-9691-79e8ca0b7425} : DHCPNameServer = 151.236.18.156 8.8.8.8
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\2516B656378602055727962E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\255646D696 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\4456F60224167686 : DHCPNameServer = 192.168.1.251
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\4556C63747271602149627 : DHCPNameServer = 192.168.182.100 192.168.182.200
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\5446765677963756D223 : DHCPNameServer = 10.10.200.9
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\64F6E60275966496 : DHCPNameServer = 192.168.182.100 192.168.182.200
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\84246505C4 : DHCPNameServer = 8.8.8.8 4.2.2.2
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\8507562796160234F583569366 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{fccabd9d-c821-4568-9362-7befc4aee356}\E4567745F6C44555 : DHCPNameServer = 131.172.2.2 131.172.4.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = Google
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com*-*This website is for sale!*-*spywareinfo Resources and Information.
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-1-4 645952]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-9 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-10-3 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-30 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 MpKslb3c06ab7;MpKslb3c06ab7;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6031DA-25AF-4FF0-82D9-AE822E1DD25B}\MpKslb3c06ab7.sys [2017-6-28 44928]
R1 mwlPSDFilter;mwlPSDFilter;C:\WINDOWS\System32\drivers\mwlPSDFilter.sys [2012-11-30 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\WINDOWS\System32\drivers\mwlPSDNserv.sys [2012-11-30 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\WINDOWS\System32\drivers\mwlPSDVDisk.sys [2012-11-30 62776]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-4-3 83768]
R2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 Change Modem Device Service;Change Modem Device Service;C:\ProgramData\ChgService.exe [2014-6-10 114688]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-13 350544]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2015-10-16 144072]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-4 165760]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2015-10-14 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-11-3 259136]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-5 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\WINDOWS\System32\drivers\b57xdbd.sys [2012-8-13 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\WINDOWS\System32\drivers\b57xdmp.sys [2012-8-13 21080]
R3 bScsiMSa;bScsiMSa;C:\WINDOWS\System32\drivers\bScsiMSa.sys [2012-6-18 55384]
R3 bScsiSDa;bScsiSDa;C:\WINDOWS\System32\drivers\bScsiSDa.sys [2012-8-14 70744]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-10-23 658064]
R3 ETD;ELAN Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2015-10-16 525512]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2012-11-30 342528]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2016-7-16 446464]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2016-7-16 3343872]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [2013-1-4 26736]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-30 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-17 469648]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-12 174160]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 ggflt;SOMC USB Flash Driver Filter;C:\WINDOWS\System32\drivers\ggflt.sys [2014-9-16 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\WINDOWS\System32\drivers\ggsomc.sys [2014-9-16 30424]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-15 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\WINDOWS\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-13 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-5 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-17 719872]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-17 258560]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-10-3 43520]
.
=============== Created Last 30 ================
.
2017-06-28 13:22:47 -------- d-s---w- C:\WINDOWS\UpdateAssistantV2
2017-06-28 13:18:20 44928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6031DA-25AF-4FF0-82D9-AE822E1DD25B}\MpKslb3c06ab7.sys
2017-06-28 11:11:59 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A6031DA-25AF-4FF0-82D9-AE822E1DD25B}\mpengine.dll
2017-06-27 10:02:57 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-06-25 00:39:26 503808 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\Microsoft.Ink.dll
2017-06-25 00:39:18 327168 ----a-w- C:\WINDOWS\SysWow64\netcorehc.dll
2017-06-25 00:39:15 306688 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-06-25 00:39:11 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-06-25 00:39:10 709120 ----a-w- C:\WINDOWS\SysWow64\CPFilters.dll
2017-06-25 00:39:09 1164288 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2017-06-25 00:39:05 773120 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2017-06-25 00:39:05 27136 ----a-w- C:\WINDOWS\SysWow64\fdProxy.dll
2017-06-25 00:39:05 2643968 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-06-25 00:39:05 1988096 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2017-06-25 00:39:01 2997760 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-06-25 00:39:00 780640 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-24 12:16:19 -------- d-----w- C:\Program Files (x86)\Driver Detective
2017-06-24 12:00:50 903680 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2017-06-24 12:00:50 3403264 ----a-w- C:\WINDOWS\System32\tquery.dll
2017-06-24 12:00:49 2538496 ----a-w- C:\WINDOWS\System32\mssrch.dll
2017-06-24 12:00:49 124416 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2017-06-24 11:59:07 503808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll
2017-06-24 11:57:53 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-06-24 11:57:43 117760 ----a-w- C:\WINDOWS\System32\AuthBrokerUI.dll
2017-06-24 11:57:42 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-06-24 11:57:41 932864 ----a-w- C:\WINDOWS\System32\kerberos.dll
2017-06-24 11:57:41 353792 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2017-06-24 11:57:40 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2017-06-24 11:57:38 4744704 ----a-w- C:\WINDOWS\System32\jscript9.dll
2017-06-24 11:57:37 8125440 ----a-w- C:\WINDOWS\System32\Chakra.dll
2017-06-24 11:57:37 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-24 11:57:31 2510848 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2017-06-24 11:56:11 834048 ----a-w- C:\WINDOWS\System32\win32spl.dll
2017-06-24 11:56:11 1131008 ----a-w- C:\WINDOWS\System32\localspl.dll
2017-06-24 11:56:08 456192 ----a-w- C:\WINDOWS\System32\puiobj.dll
2017-06-24 11:56:08 100864 ----a-w- C:\WINDOWS\System32\wpninprc.dll
2017-06-24 11:56:05 7783256 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-24 11:56:04 38752 ----a-w- C:\WINDOWS\System32\OOBEUpdater.exe
2017-06-24 11:54:50 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-06-24 11:54:22 691200 ----a-w- C:\WINDOWS\System32\ieproxy.dll
2017-06-24 11:54:14 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-06-24 11:54:01 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-06-24 11:53:41 351744 ----a-w- C:\WINDOWS\System32\hnetcfg.dll
2017-06-24 11:53:26 255488 ----a-w- C:\WINDOWS\System32\HNetCfgClient.dll
2017-06-24 11:53:23 975872 ----a-w- C:\WINDOWS\HelpPane.exe
2017-06-24 11:53:13 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-24 11:53:12 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
2017-06-24 11:53:12 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-24 11:53:11 1566552 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-06-24 11:51:09 856064 ----a-w- C:\WINDOWS\System32\efscore.dll
2017-06-24 11:51:08 252928 ----a-w- C:\WINDOWS\System32\edputil.dll
2017-06-24 11:51:01 198144 ----a-w- C:\WINDOWS\System32\dpapisrv.dll
2017-06-24 11:50:56 2475520 ----a-w- C:\WINDOWS\System32\DWrite.dll
2017-06-24 11:50:55 1845248 ----a-w- C:\WINDOWS\System32\FntCache.dll
2017-06-24 11:50:26 34648 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-06-24 11:50:25 335712 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-06-24 11:50:13 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-24 11:44:05 886784 ----a-w- C:\WINDOWS\System32\CPFilters.dll
2017-06-24 11:44:05 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-24 11:44:04 96608 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-06-24 11:44:04 629088 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-06-24 11:44:04 1564512 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-06-24 11:44:03 136032 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-06-24 11:43:55 1418240 ----a-w- C:\WINDOWS\System32\certutil.exe
2017-06-24 11:42:59 1112416 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2017-06-24 11:41:02 544096 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-06-24 11:41:02 334176 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-06-24 11:41:02 1214816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-06-24 11:41:00 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2017-06-24 11:41:00 233824 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-06-24 11:40:49 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-24 11:40:49 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-06-24 11:40:40 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-06-24 11:40:40 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-06-24 11:40:16 64512 ----a-w- C:\WINDOWS\System32\fdProxy.dll
2017-06-24 11:39:11 381792 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-06-24 11:39:11 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2017-06-24 11:39:11 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2017-06-24 11:39:10 41472 ----a-w- C:\WINDOWS\System32\drivers\BasicRender.sys
2017-06-24 10:54:29 -------- d-----w- C:\Program Files (x86)\Display
2017-06-24 10:22:16 -------- d-----w- C:\Program Files (x86)\Display Offer
2017-06-24 10:20:42 -------- d---a-w- C:\Program Files (x86)\SpeedItup Free
2017-06-24 10:20:42 -------- d-----w- C:\WINDOWS\SpeedItup Free
2017-06-24 10:04:42 -------- d-----w- C:\Users\gpuri\AppData\Local\The_PC_Optimizer
2017-06-11 08:24:51 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{458C275B-7C3C-4971-960B-D71880500066}\gapaengine.dll
2017-06-03 13:38:58 17404160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
==================== Find3M ====================
.
2017-06-03 10:50:15 192856 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 10:14:25 136024 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2017-06-03 10:11:29 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-06-03 10:11:25 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 1040 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 09:59:40 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-06-03 09:59:25 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-03 09:58:13 340832 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-06-03 09:52:57 1021784 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-06-03 09:51:09 2187104 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 09:51:02 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-06-03 09:50:35 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-03 09:49:28 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-03 09:48:28 857952 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-06-03 09:48:26 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-06-03 09:44:54 1412640 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-06-03 09:44:50 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 09:39:35 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-06-03 09:33:14 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-06-03 09:32:12 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-06-03 09:31:50 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-06-03 09:28:56 232448 ----a-w- C:\WINDOWS\SysWow64\edputil.dll
2017-06-03 09:28:32 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-06-03 09:26:16 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:26:00 100352 ----a-w- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
2017-06-03 09:22:56 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- C:\WINDOWS\SysWow64\tcpipcfg.dll
2017-06-03 09:20:21 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2017-06-03 09:16:30 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-06-03 09:15:41 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-06-03 09:15:38 53248 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2017-06-03 09:15:21 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-06-03 09:14:18 98304 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2017-06-03 09:14:01 238592 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2017-06-03 09:12:28 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
2017-06-03 09:10:19 261120 ----a-w- C:\WINDOWS\System32\wbem\ndisimplatcim.dll
2017-06-03 09:10:06 418304 ----a-w- C:\WINDOWS\System32\Windows.UI.BlockedShutdown.dll
2017-06-03 09:09:57 489472 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2017-06-03 09:09:50 337408 ----a-w- C:\WINDOWS\System32\NetworkBindingEngineMigPlugin.dll
2017-06-03 09:09:13 441344 ----a-w- C:\WINDOWS\System32\netcorehc.dll
2017-06-03 09:08:28 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll
2017-06-03 09:08:25 1221120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2017-06-03 09:07:55 552960 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2017-06-03 0906 3664384 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-06-03 09:05:25 295424 ----a-w- C:\WINDOWS\SysWow64\hnetcfg.dll
2017-06-03 09:05:10 1883648 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2017-06-03 09:04:36 6042624 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2017-06-03 09:04:06 2006528 ----a-w- C:\WINDOWS\SysWow64\DWrite.dll
2017-06-03 08:54:44 1217024 ----a-w- C:\WINDOWS\System32\Windows.Media.Audio.dll
2017-06-03 08:51:36 266752 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2017-06-03 08:50:43 641024 ----a-w- C:\WINDOWS\System32\wbem\NetAdapterCim.dll
2017-06-03 08:49:39 2691072 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2017-06-03 08:49:34 1513472 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2017-06-03 08:49:09 3615744 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2017-06-03 08:48:49 1490432 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2017-06-03 08:48:34 391168 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2017-06-03 08:40:59 483840 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2017-06-03 06:36:03 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-06-03 06:36:03 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-06-01 11:20:38 565416 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-05-11 09:58:25 73728 ----a-w- C:\WINDOWS\System32\WSManMigrationPlugin.dll
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-04-28 00:44:26 62816 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2017-04-28 00:43:59 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-04-28 00:43:48 1557224 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2017-04-28 00:43:10 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2017-04-28 00:42:53 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-04-28 00:42:44 526176 ----a-w- C:\WINDOWS\System32\wimserv.exe
2017-04-28 00:41:08 361104 ----a-w- C:\WINDOWS\SysWow64\tsmf.dll
2017-04-28 00:39:48 962760 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-04-28 00:39:37 715104 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2017-04-28 00:39:22 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-04-28 00:38:51 557408 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2017-04-28 00:38:51 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-04-28 00:38:44 1852200 ----a-w- C:\WINDOWS\System32\crypt32.dll
2017-04-28 00:38:28 431968 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
.
============= FINISH: 22:17:15.36 ===============


I had to do two scans with AdwCleaner today as the first one had to shut down for some reason. I noticed the first scan found more folders while on the second scan only one folder was found. Not sure what that means if anything hence I am pasting both scans starting with the first:

# AdwCleaner v6.047 - Logfile created 08/07/2017 at 16:32:45
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-07.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : gpuri - GAURAV
# Running from : C:\Users\gpuri\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Program Files (x86)\Driver Detective


***** [ Files ] *****

File Found: C:\Users\gpuri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Found: C:\Users\gpuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Softonic
Key Found: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\torch
Key Found: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\csastats
Key Found: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-893327517-2105621538-1822109975-1001\Software\BrowseMark
Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Framed Display
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\Softonic
Key Found: HKCU\Software\torch
Key Found: HKCU\Software\csastats
Key Found: HKLM\SOFTWARE\torch
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-893327517-2105621538-1822109975-1001\Software\BrowseMark
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Framed Display
Key Found: [x64] HKCU\Software\PRODUCTSETUP
Key Found: [x64] HKCU\Software\Softonic
Key Found: [x64] HKCU\Software\torch
Key Found: [x64] HKCU\Software\csastats
Key Found: [x64] HKLM\SOFTWARE\pcv-var
Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Data Found: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/remove-mysearchdial-toolbar-and-redirect-virus/
Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/remove-mysearchdial-toolbar-and-redirect-virus/
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
Value Found: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Microsoft\Windows\CurrentVersion\Run [SpeedItupFree]
Value Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedItupFree]
Value Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedItupFree]
Key Found: HKCU\Software\MozillaPlugins\TorchVLC
Key Found: HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\gpuri\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - booedmolknjekdopkepjjeckmjkdpfgl
Chrome pref Found: [C:\Users\gpuri\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ehjldlodmkdlooagebfnaghgmkfccipn
Chrome pref Found: [C:\Users\gpuri\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - flpcjncodpafbgdpnkljologafpionhb

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]


*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [5707 Bytes] - [08/07/2017 15:47:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [5319 Bytes] - [08/07/2017 16:32:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5392 Bytes] ##########



# AdwCleaner v6.047 - Logfile created 08/07/2017 at 16:39:40
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-07.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : gpuri - GAURAV
# Running from : C:\Users\gpuri\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\Driver Detective


***** [ Files ] *****

[-] File deleted: C:\Users\gpuri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
[-] File deleted: C:\Users\gpuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key deleted: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\torch
[-] Key deleted: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-893327517-2105621538-1822109975-1001\Software\BrowseMark
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Framed Display
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\torch
[#] Key deleted on reboot: HKCU\Software\csastats
[-] Key deleted: HKLM\SOFTWARE\torch
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-893327517-2105621538-1822109975-1001\Software\BrowseMark
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Framed Display
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] Key deleted on reboot: [x64] HKCU\Software\torch
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[-] Key deleted: [x64] HKLM\SOFTWARE\pcv-var
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[-] Key deleted: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
[-] Data restored: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/remove-mysearchdial-toolbar-and-redirect-virus/
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/remove-mysearchdial-toolbar-and-redirect-virus/
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
[-] Value deleted: HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Microsoft\Windows\CurrentVersion\Run [SpeedItupFree]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedItupFree]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedItupFree]
[-] Key deleted: HKCU\Software\MozillaPlugins\TorchVLC
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key deleted: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch


***** [ Web browsers ] *****

[-] [C:\Users\gpuri\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\gpuri\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ehjldlodmkdlooagebfnaghgmkfccipn
[-] [C:\Users\gpuri\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5371 Bytes] - [08/07/2017 16:39:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [5707 Bytes] - [08/07/2017 15:47:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [5523 Bytes] - [08/07/2017 16:32:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5590 Bytes] ##########


Attached FRST and Addition as requested.
Attached Files
File Type: txt attach.txt (9.8 KB, 10 views)
File Type: txt Addition.txt (48.3 KB, 12 views)
File Type: txt FRST.txt (37.2 KB, 13 views)
File Type: txt Spybot Scan Results.170708-1530.txt (8.7 KB, 9 views)
jackson_gp7 is offline  
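An added example, not code from any post in this thread: a read-only PowerShell inventory of the two places the AdwCleaner log above flagged, the Run / StartupApproved autostart keys and Chrome's Secure Preferences file, so that an extension ID like the three listed can be matched to a name and an on-disk path before anything is removed. It assumes Chrome's default profile location; the property names under extensions.settings are the ones Chrome writes, and any other names are illustrative.

```powershell
# Added example, not code from the thread. Read-only inventory of autostart entries
# and Chrome extension records; it changes nothing on the machine.

function Get-AutostartInventory {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'   # 32-bit apps on x64
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # skip PowerShell's own note properties
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-StartupApprovedState {
    # Explorer's StartupApproved keys record which Run entries were disabled in Task Manager;
    # the first byte of each REG_BINARY value is 0x02 for enabled and 0x03 for disabled.
    $approvedKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32'
    )
    foreach ($key in $approvedKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*' -or -not ($p.Value -is [byte[]])) { continue }
            $state = switch ($p.Value[0]) {
                2       { 'Enabled' }
                3       { 'Disabled' }
                default { 'Unknown(0x{0:X2})' -f $p.Value[0] }
            }
            [pscustomobject]@{ Key = $key; Name = $p.Name; State = $state }
        }
    }
}

function Get-ChromeExtensionInventory {
    param(
        # Assumed default profile path; adjust for other profiles or other Chromium-based browsers.
        [string]$SecurePreferences = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Secure Preferences')
    )
    if (-not (Test-Path -LiteralPath $SecurePreferences)) { return }
    $prefs    = Get-Content -Raw -LiteralPath $SecurePreferences | ConvertFrom-Json
    $settings = $prefs.extensions.settings
    if (-not $settings) { return }
    foreach ($entry in $settings.PSObject.Properties) {
        $ext = $entry.Value
        [pscustomobject]@{
            Id           = $entry.Name          # the 32-letter ID that AdwCleaner reports
            Name         = $ext.manifest.name   # null for component entries with no manifest
            Version      = $ext.manifest.version
            FromWebstore = $ext.from_webstore
            Path         = $ext.path            # relative to the profile's Extensions folder for store installs
            State        = $ext.state           # 1 = enabled, 0 = disabled
        }
    }
}

Get-AutostartInventory       | Format-Table -AutoSize
Get-StartupApprovedState     | Format-Table -AutoSize
Get-ChromeExtensionInventory | Format-Table -AutoSize
```

Run it from an ordinary PowerShell prompt; it only reads the registry and one file. Compare the extension IDs it prints with the ones in the AdwCleaner log, and note the warning in that log: if Chrome sync is on, extensions deleted locally can come back from the Google account, so the check is worth repeating after a reboot and a sign-in.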
Old 07-08-2017, 05:38 AM   #4
Registered Member
 
jackson_gp7's Avatar
 
Join Date: Feb 2008
Location: Melbourne, Australia
Posts: 106
OS: Windows 10 Home x64



Hi,
I expected this thread was going to be deleted because I did not respond in time, hence please refer to my latest thread posted today. This thread may be deleted or ignored.
Apologies for any confusion.
jackson_gp7 is offline  
Old 07-08-2017, 09:25 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello jackson_gp7. I can address some of those questions later.

Windows Defender, already installed on your laptop, is a sufficient antivirus, in my opinion.

We don't address Spybot entries. It detects cookies which are beyond our scope. If you need help with those, contact Spybot.

------------------------------------------------------

Please re-enable this entry you disabled in MSConfig or TaskManager:

HKLM\...\StartupApproved\Run: => "WindowsDefender"

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\ProgramData\ChgService.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
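An added example rather than anything from the thread: the lookup chemist asks for, done locally first. It computes the SHA-256 of the file named above, checks its Authenticode signature and version resource, flags that the root of C:\ProgramData is an unusual home for a service binary, and lists any Windows service whose image path references it. The path is the one from the post; nothing here decides whether the file is malicious, that still comes from the VirusTotal result.

```powershell
# Added example, not code from the thread. Local triage of one suspect file before it is
# uploaded anywhere. Assumption: the path is the one quoted in the post above.

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $ver  = $item.VersionInfo
    # Service helpers normally live under Program Files or System32; the root of
    # ProgramData is writable by any user and is a common drop location.
    $unusualLocation = $item.DirectoryName -ieq $env:ProgramData
    [pscustomobject]@{
        Path            = $item.FullName
        Exists          = $true
        SizeBytes       = $item.Length
        CreatedUtc      = $item.CreationTimeUtc
        ModifiedUtc     = $item.LastWriteTimeUtc
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        Signer          = $sig.SignerCertificate.Subject  # null when unsigned
        CompanyName     = $ver.CompanyName
        ProductName     = $ver.ProductName
        UnusualLocation = $unusualLocation
    }
}

function Get-ServicesUsingFile {
    # Which installed service, if any, starts this binary (the post mentions
    # "Change Modem Device Service"; this resolves the name to a real image path).
    param([Parameter(Mandatory)][string]$Path)
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -and $_.PathName -like "*$Path*" } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

$suspect = 'C:\ProgramData\ChgService.exe'
Get-FileTriage -Path $suspect | Format-List
Get-ServicesUsingFile -Path $suspect | Format-Table -AutoSize
```

The SHA-256 can be pasted into VirusTotal's search box, which accepts hashes, so a file that is already known need not be uploaded; if the hash is unknown, follow the upload steps in the post. A NotSigned status on its own is not a verdict, plenty of OEM utilities ship unsigned, but unsigned plus an odd location plus a service that starts it is the combination worth escalating.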
Old 07-09-2017, 02:08 AM   #6
Registered Member
 
jackson_gp7's Avatar
 
Join Date: Feb 2008
Location: Melbourne, Australia
Posts: 106
OS: Windows 10 Home x64



Hi Chemist,

Confirming I turned on the Windows Defender for startup.

Regarding startup tasks, can I disable any of the following without problems:

-itunes helper
-persistence module
- hkcmd module
-Apple Push

Virus Total Scan result:
https://www.virustotal.com/en/file/e...is/1499591176/
jackson_gp7 is offline  
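The StartupApproved entry chemist asks to re-enable above, and the other startup items jackson_gp7 asks about disabling, can be reviewed together from PowerShell. The script below is an added example, not something posted in this thread and not part of FRST, SystemLook or any other tool the thread mentions. It lists each Run-key entry beside the enabled/disabled state that Task Manager's Startup tab (or MSConfig) records under StartupApproved. The value layout it relies on is an assumption stated in the code: the first byte of each StartupApproved value is 0x02 when the entry is enabled and 0x03 when it has been disabled. The script only reads the registry; it changes nothing.

```powershell
# Added example, not from the thread: list autostart entries in the Run keys
# next to the enabled/disabled state Task Manager records under
# StartupApproved. Read-only: nothing is changed.
#
# Assumption about the StartupApproved value layout: a REG_BINARY whose
# first byte is 0x02 when the entry is enabled and 0x03 when it was
# disabled (Task Manager Startup tab or MSConfig); bytes 4..11 then hold
# a FILETIME of when it was disabled.

$hives = @(
    @{ Root = 'HKLM:'; Scope = 'Machine' },
    @{ Root = 'HKCU:'; Scope = 'User' }
)

function Get-RunEntryState {
    param([string]$Root, [string]$Scope)
    $runKey      = "$Root\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    $approvedKey = "$Root\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run"
    if (-not (Test-Path -Path $runKey)) { return }
    $runItem      = Get-Item -Path $runKey
    $approvedItem = if (Test-Path -Path $approvedKey) { Get-Item -Path $approvedKey } else { $null }

    foreach ($name in $runItem.GetValueNames()) {
        if (-not $name) { continue }   # skip the key's unnamed default value
        $state    = 'Enabled (no StartupApproved record)'
        $disabled = $null
        $bytes    = if ($approvedItem) { $approvedItem.GetValue($name) } else { $null }
        if ($bytes -is [byte[]] -and $bytes.Length -ge 12) {
            switch ($bytes[0]) {
                2 { $state = 'Enabled' }
                3 {
                    $state    = 'Disabled'
                    $disabled = [DateTime]::FromFileTime([BitConverter]::ToInt64($bytes, 4))
                }
                default { $state = 'Unknown (0x{0:X2})' -f $bytes[0] }
            }
        }
        [pscustomobject]@{
            Scope      = $Scope
            Name       = $name
            Command    = $runItem.GetValue($name)
            State      = $state
            DisabledAt = $disabled
        }
    }
}

$hives | ForEach-Object { Get-RunEntryState -Root $_.Root -Scope $_.Scope } |
    Format-Table -AutoSize
```

Entries reported as Disabled are the ones that were switched off in Task Manager or MSConfig, which is how a Run entry such as the "WindowsDefender" one ends up flagged in a FRST log. Only the native Run keys are covered; the Wow6432Node Run key (the HKLM-x32 entries FRST lists) has its own StartupApproved subkey and is left out here.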
Old 07-09-2017, 02:38 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jackson_gp7. Thanks. Up to you.

Are you familiar with Change Modem Device Service? Do you use it?

I'm getting conflicting results. The file seems to be in the wrong location.

SystemLookup - Global Search

------------------------------------------------------
chemist is offline  
Old 07-09-2017, 03:23 PM   #8
jackson_gp7

Are you saying there will not be any problem if I disable the following on startup?

- itunes helper
- persistence module
- hkcmd module
- Apple Push

Please confirm.
..................................

I am not familiar with the Change Modem Device Service - why?

..................................

I have attached a screenshot of the Virus Total scan - are you able to click on the link I provided and see the complete results of the scan? If not, should I give you the results by screenshots?

Can I also get an idea of what you are trying to achieve?
Attached: Virus Total results.PNG (35.0 KB)
jackson_gp7 is offline  
Old 07-09-2017, 11:03 PM   #9
chemist

Hello again, jackson_gp7. I don't see a problem with you disabling those, in general.

However, I don't have all those on my machines so I can't promise you won't have problems.

If you are unsure, google them and decide for yourself.

Or read this >> https://www.bleepingcomputer.com/startups/

------------------------------------------------------

Quote:
I am not familiar with the Change Modem Device Service - why?
Because that file you scanned for me belongs to Change Modem Device Service.

So I was trying to determine if it was a legitimate service or not.

And yes, I can see all the info at the VirusTotal link you provided.

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    ChgService.exe
    :regfind
    Change Modem Device Service
    ChgService.exe
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 07-10-2017, 05:53 AM   #10
jackson_gp7

SystemLook 30.07.11 by jpshortstuff
Log created at 22:39 on 10/07/2017 by gpuri
Administrator - Elevation successful

========== filefind ==========

Searching for "ChgService.exe"
C:\ProgramData\ChgService.exe --a---- 114688 bytes [11:45 10/06/2014] [09:13 02/08/2012] 732B941CD5D448DD205FC7E51096C74D
C:\Users\All Users\ChgService.exe --a---- 114688 bytes [11:45 10/06/2014] [09:13 02/08/2012] 732B941CD5D448DD205FC7E51096C74D

========== regfind ==========

Searching for "Change Modem Device Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Change Modem Device Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Change Modem Device Service]
"DisplayName"="Change Modem Device Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Change Modem Device Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Change Modem Device Service]
"DisplayName"="Change Modem Device Service"

Searching for "ChgService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\ProgramData\ChgService.exe"="$ Win7RTM"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Change Modem Device Service]
"ImagePath"=""C:\ProgramData\ChgService.exe" -service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Change Modem Device Service]
"ImagePath"=""C:\ProgramData\ChgService.exe" -service"

-= EOF =-
jackson_gp7 is offline  
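The check chemist works through by hand over the last three posts (locate ChgService.exe, hash it for VirusTotal, read the ImagePath recorded under the Services key) is worth having as a script, because a service whose image lives in C:\ProgramData rather than under Program Files or Windows is exactly the kind of entry that deserves a second look. The PowerShell below is an added example, not code from this thread or from SystemLook, FRST or VirusTotal. It enumerates every Win32 service, keeps those whose image path sits outside the Windows and Program Files trees, and reports the file's SHA-256 (what VirusTotal indexes on; the SystemLook log above printed MD5) together with its Authenticode status. The list of "expected" roots is an assumption you may need to widen for software that legitimately installs elsewhere.

```powershell
# Added example, not from the thread: triage services whose image file lives
# outside the directories a normally installed service uses, and collect what
# a VirusTotal lookup needs (SHA-256) plus the Authenticode status.
# Read-only: nothing is stopped, deleted or changed.

# Assumption: these roots are where legitimate service images normally live.
# Widen the list for software you know installs elsewhere.
$expectedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-ServiceImageFile {
    # Extract the executable from a Win32_Service PathName, which may be
    # quoted with arguments ("C:\ProgramData\ChgService.exe" -service)
    # or unquoted (C:\WINDOWS\system32\svchost.exe -k netsvcs).
    param([string]$PathName)
    $file = $PathName.Trim()
    if ($PathName -match '^\s*"([^"]+)"')        { $file = $Matches[1] }
    elseif ($PathName -match '^\s*(.+?\.exe)\b') { $file = $Matches[1] }
    # Some registrations use %SystemRoot%-style variables; expand them.
    return [Environment]::ExpandEnvironmentVariables($file)
}

function Test-InExpectedRoot {
    param([string]$Path)
    foreach ($root in $expectedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (-not $svc.PathName) { continue }
    $image = Get-ServiceImageFile -PathName $svc.PathName
    if (Test-InExpectedRoot -Path $image) { continue }

    $exists = Test-Path -LiteralPath $image
    $sha256 = $null
    $sig    = $null
    if ($exists) {
        $sha256 = (Get-FileHash -LiteralPath $image -Algorithm SHA256).Hash
        $sig    = (Get-AuthenticodeSignature -LiteralPath $image).Status
    }
    [pscustomobject]@{
        Service   = $svc.Name
        Display   = $svc.DisplayName
        StartMode = $svc.StartMode
        State     = $svc.State
        Image     = $image
        Exists    = $exists
        SHA256    = $sha256
        Signature = $sig
    }
}

$findings | Sort-Object Signature, Image | Format-Table -AutoSize
```

An entry with Exists = False is a dangling service registration (the file is gone but the key stayed), the same condition FRST reports as "No File"; an entry whose binary is NotSigned and sits in a user-writable directory is the one to look up by hash first, which is what the VirusTotal step in this thread does for ChgService.exe.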
Old 07-10-2017, 08:48 PM   #11
chemist

Hello again, jackson_gp7.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------

Also, if you haven't done so already, you might want to create a USB recovery drive. It's really easy and quick.

https://windows.microsoft.com/en-us/w...recovery-drive

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
    Task: {06371D9A-BD73-48E6-BB23-39AF94615862} - \WPD\SqmUpload_S-1-5-21-893327517-2105621538-1822109975-1001 -> No File <==== ATTENTION
    Task: {167DE28D-DDC3-413F-B284-05D6EEAA3168} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {21A959E4-3E99-48BA-B5A5-D3AAECD7B5E4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {30B01A12-7A56-430E-8D76-7CD166CD8042} - System32\Tasks\ThePCOptimizer_Start => C:\Program Files (x86)\The PC Optimizer\ThePCOptimizer.exe
    Task: {34176E07-BF0E-45F3-B3A8-223A90FE2F84} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {3EA032E3-AF81-4D3B-A07F-755047699423} - System32\Tasks\ThePCOptimizer_Popup => C:\Program Files (x86)\The PC Optimizer\Splash.exe
    Task: {4A86C294-1C37-4B76-A421-722B2A7E8EA0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {50AC4DEC-3F2F-43B4-A00A-39FA218EBAAD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {6B36BBB7-6270-45A4-AAE9-BC36D3645C8A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {94489B5B-D070-4816-AAC2-7ACD458EC9AE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A8F95348-F080-402E-8A67-8FC42B306C37} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {AC5CF48E-D034-46FB-A931-78AF1FB786A6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {CA4A18F7-3026-4B21-9F80-40A67FF71D9F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F9D380A7-F998-4310-A165-7B7367BC22E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    HKLM-x32\...\Run: [LManager] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    SearchScopes: HKLM -> DefaultScope {C4B8D84F-38BC-42B8-930D-A2229CC8BFF2} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-893327517-2105621538-1822109975-1001 -> {C4B8D84F-38BC-42B8-930D-A2229CC8BFF2} URL = 
    Toolbar: HKU\S-1-5-21-893327517-2105621538-1822109975-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} -  No File
    2017-06-24 20:54 - 2017-06-24 20:54 - 00000000 ____D C:\Program Files (x86)\Display
    2017-06-24 20:22 - 2017-06-24 20:22 - 00000000 ____D C:\Program Files (x86)\Display Offer
    2017-06-24 20:21 - 2017-06-24 20:21 - 00000000 _____ C:\ProgramData\spds90.txt
    2017-06-24 20:04 - 2017-06-25 11:30 - 00003540 _____ C:\WINDOWS\System32\Tasks\ThePCOptimizer_Popup
    2017-06-24 20:04 - 2017-06-24 20:04 - 00003318 _____ C:\WINDOWS\System32\Tasks\ThePCOptimizer_Start
    2017-06-24 20:04 - 2017-06-24 20:04 - 00000000 ____D C:\Users\gpuri\AppData\Local\The_PC_Optimizer
    
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 07-14-2017, 04:26 AM   #12
jackson_gp7

Hi,

Sorry for the delay, I had an exam.

Here is the response with requested log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-07-2017
Ran by gpuri (14-07-2017 21:11:25) Run:1
Running from C:\Users\gpuri\Desktop
Loaded Profiles: gpuri (Available Profiles: gpuri)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
Task: {06371D9A-BD73-48E6-BB23-39AF94615862} - \WPD\SqmUpload_S-1-5-21-893327517-2105621538-1822109975-1001 -> No File <==== ATTENTION
Task: {167DE28D-DDC3-413F-B284-05D6EEAA3168} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {21A959E4-3E99-48BA-B5A5-D3AAECD7B5E4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {30B01A12-7A56-430E-8D76-7CD166CD8042} - System32\Tasks\ThePCOptimizer_Start => C:\Program Files (x86)\The PC Optimizer\ThePCOptimizer.exe
Task: {34176E07-BF0E-45F3-B3A8-223A90FE2F84} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3EA032E3-AF81-4D3B-A07F-755047699423} - System32\Tasks\ThePCOptimizer_Popup => C:\Program Files (x86)\The PC Optimizer\Splash.exe
Task: {4A86C294-1C37-4B76-A421-722B2A7E8EA0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {50AC4DEC-3F2F-43B4-A00A-39FA218EBAAD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6B36BBB7-6270-45A4-AAE9-BC36D3645C8A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {94489B5B-D070-4816-AAC2-7ACD458EC9AE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A8F95348-F080-402E-8A67-8FC42B306C37} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AC5CF48E-D034-46FB-A931-78AF1FB786A6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CA4A18F7-3026-4B21-9F80-40A67FF71D9F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F9D380A7-F998-4310-A165-7B7367BC22E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
HKLM-x32\...\Run: [LManager] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM -> DefaultScope {C4B8D84F-38BC-42B8-930D-A2229CC8BFF2} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-893327517-2105621538-1822109975-1001 -> {C4B8D84F-38BC-42B8-930D-A2229CC8BFF2} URL =
Toolbar: HKU\S-1-5-21-893327517-2105621538-1822109975-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
2017-06-24 20:54 - 2017-06-24 20:54 - 00000000 ____D C:\Program Files (x86)\Display
2017-06-24 20:22 - 2017-06-24 20:22 - 00000000 ____D C:\Program Files (x86)\Display Offer
2017-06-24 20:21 - 2017-06-24 20:21 - 00000000 _____ C:\ProgramData\spds90.txt
2017-06-24 20:04 - 2017-06-25 11:30 - 00003540 _____ C:\WINDOWS\System32\Tasks\ThePCOptimizer_Popup
2017-06-24 20:04 - 2017-06-24 20:04 - 00003318 _____ C:\WINDOWS\System32\Tasks\ThePCOptimizer_Start
2017-06-24 20:04 - 2017-06-24 20:04 - 00000000 ____D C:\Users\gpuri\AppData\Local\The_PC_Optimizer

EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06371D9A-BD73-48E6-BB23-39AF94615862} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06371D9A-BD73-48E6-BB23-39AF94615862} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-893327517-2105621538-1822109975-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{167DE28D-DDC3-413F-B284-05D6EEAA3168} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{167DE28D-DDC3-413F-B284-05D6EEAA3168} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21A959E4-3E99-48BA-B5A5-D3AAECD7B5E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21A959E4-3E99-48BA-B5A5-D3AAECD7B5E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30B01A12-7A56-430E-8D76-7CD166CD8042} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30B01A12-7A56-430E-8D76-7CD166CD8042} => key removed successfully
C:\WINDOWS\System32\Tasks\ThePCOptimizer_Start => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ThePCOptimizer_Start => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34176E07-BF0E-45F3-B3A8-223A90FE2F84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34176E07-BF0E-45F3-B3A8-223A90FE2F84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EA032E3-AF81-4D3B-A07F-755047699423} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA032E3-AF81-4D3B-A07F-755047699423} => key removed successfully
C:\WINDOWS\System32\Tasks\ThePCOptimizer_Popup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ThePCOptimizer_Popup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A86C294-1C37-4B76-A421-722B2A7E8EA0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A86C294-1C37-4B76-A421-722B2A7E8EA0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50AC4DEC-3F2F-43B4-A00A-39FA218EBAAD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50AC4DEC-3F2F-43B4-A00A-39FA218EBAAD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B36BBB7-6270-45A4-AAE9-BC36D3645C8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B36BBB7-6270-45A4-AAE9-BC36D3645C8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94489B5B-D070-4816-AAC2-7ACD458EC9AE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94489B5B-D070-4816-AAC2-7ACD458EC9AE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8F95348-F080-402E-8A67-8FC42B306C37} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F95348-F080-402E-8A67-8FC42B306C37} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC5CF48E-D034-46FB-A931-78AF1FB786A6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC5CF48E-D034-46FB-A931-78AF1FB786A6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA4A18F7-3026-4B21-9F80-40A67FF71D9F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA4A18F7-3026-4B21-9F80-40A67FF71D9F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9D380A7-F998-4310-A165-7B7367BC22E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9D380A7-F998-4310-A165-7B7367BC22E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-893327517-2105621538-1822109975-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B8D84F-38BC-42B8-930D-A2229CC8BFF2} => key removed successfully
HKLM\Software\Classes\CLSID\{C4B8D84F-38BC-42B8-930D-A2229CC8BFF2} => key not found.
HKU\S-1-5-21-893327517-2105621538-1822109975-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => value removed successfully
HKLM\Software\Classes\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => key not found.
C:\Program Files (x86)\Display => moved successfully
C:\Program Files (x86)\Display Offer => moved successfully
C:\ProgramData\spds90.txt => moved successfully
"C:\WINDOWS\System32\Tasks\ThePCOptimizer_Popup" => not found.
"C:\WINDOWS\System32\Tasks\ThePCOptimizer_Start" => not found.
C:\Users\gpuri\AppData\Local\The_PC_Optimizer => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21241190 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 123540771 B
Edge => 0 B
Chrome => 128543250 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 37040 B
LocalService => 16777844 B
NetworkService => 24293726 B
gpuri => 101181856 B

RecycleBin => 0 B
EmptyTemp: => 396.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:16:05 ====
jackson_gp7 is offline  
Old 07-14-2017, 09:03 PM   #13
chemist

Hello again, jackson_gp7. No worries. Any improvement so far?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java 8 Update 31

These are all outdated and are security risks while they remain installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > https://java.com/en/

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 07-15-2017, 11:54 PM   #14
jackson_gp7

I think it is too early to say if performance has improved; if at all, a little. I will keep watching over the next week.
MBAM scan log attached.
Attached Files
File Type: txt MBAM scan log 16-07-17.txt (5.1 KB, 8 views)
jackson_gp7 is offline  
Old 07-16-2017, 04:41 AM   #15
jackson_gp7

The ESET scan is still running, 3 hours 45 min so far, 2 infected files, 265,000+ files scanned.
I will attach the ESET report, but what is the 'report on system behaviour' you referred to above?
jackson_gp7 is offline  
Old 07-16-2017, 05:00 AM   #16
jackson_gp7

ESET Scan attached, took just over 4 hours.
There seems to be some improvement in overall computer speed.
Attached Files
File Type: txt ESET Scan.txt (494 Bytes, 8 views)
jackson_gp7 is offline  
Old 07-16-2017, 03:48 PM   #17
chemist

Hello again, jackson_gp7. By 'report on system behaviour', I just meant tell us how the machine is behaving.

------------------------------------------------------

MBAM just found some SpeedItUp remnants, where ESET found a couple of toolbar bundled items, nothing to be alarmed about.

It appears any remaining issues are beyond malware. Let us know how it performs over the next few days.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /a/f/q "C:\Users\gpuri\AppData\LocalLow\Sun\Java\jre1.7.0_65\java_sp.dll"

A DOS window will open and close again, this is normal.

Repeat for the following:

cmd /c del /a/f/q "C:\Windows\Installer\MSID740.tmp"

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-20-2017, 04:30 AM   #18
jackson_gp7

Hi,
I followed your instructions above with the commands.
What was the purpose?

Overall, the speed has significantly improved. Though at times MS Word shows 'not responding', it's not a big issue, but I will watch it. Getting back to my comments earlier in this post, the questions that remain are:

• Is Spybot worthwhile to use, or should I use another alternative on a regular (weekly) basis?
• I am curious to know, do I need to defrag my hard drive and external hard drive? If so, should I use the free program discussed in your sticky thread which I saw recently?
• Regarding my external hard drive – I am concerned that it keeps making noises and searching / reading. Most of the time it is fine, no major issues, but I am concerned one day it will not load and I may lose my backup. I currently back up my external hard drive on my desktop PC once in 3 months. Do you have any advice on maintenance of an external hard drive? It is 1 TB and I have used about 350MB.
• Lastly, I use Avira free antivirus on my desktop PC. Is it worth it or useless? It is Windows XP from several years ago.
• How do I fix/pin certain documents to the right-click menu on the start bar, e.g. I want to fix a MS Word document on the right-click menu when I right-click on the MS Word icon on the start bar. I know I can do this on other systems.
Old 07-20-2017, 08:02 PM   #19
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, jackson_gp7. Those commands deleted the ESET finds.

I don't use Spybot anymore. MBAM is a much better alternative.

As far as a free antivirus, I would just use Security Essentials (or Windows Defender if Win10).

Sorry, but as far as your questions about drives and Word, I would ask the folks in our Hardware Support Forum or Microsoft Office Support Forum.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update it and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
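As an added example (not code from this thread or from the MVPS project), here is a small Python script that parses a HOSTS file in the layout described in the post above and reports which hostnames it sends to a sinkhole address such as 0.0.0.0; the sample file content is constructed.

```python
"""Added example (not from the thread or the MVPS project): parse a Windows
HOSTS file and report which hostnames it blackholes. Sample is constructed."""
import ipaddress

# Constructed sample in the MVPS HOSTS layout: comments, the default
# localhost entries, and ad hosts mapped to 0.0.0.0 (.test is a reserved TLD).
SAMPLE_HOSTS = """\
# header comment
127.0.0.1  localhost
::1        localhost
0.0.0.0  ads.example-tracker.test      # trailing comment
0.0.0.0  cdn.example-banners.test   more.example.test
0.0.0.0 www.example-adserver.test
this is not a valid line
"""

# Addresses ad-blocking HOSTS files use as sinkholes.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return {hostname: ip} for every mapping in a HOSTS file.

    Handles '#' comments (whole-line or trailing), blank lines and lines
    mapping several hostnames to one address; malformed lines are skipped.
    """
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for host in parts[1:]:
            mapping[host.lower()] = ip
    return mapping


def blocked_hosts(mapping):
    """Hostnames the file sends to a sinkhole address (localhost excluded)."""
    return sorted(h for h, ip in mapping.items()
                  if ip in SINKHOLES and h != "localhost")


def is_blocked(hostname, mapping):
    """True if the HOSTS file keeps this hostname from reaching the network."""
    return hostname.lower() in blocked_hosts(mapping)
```

On a real machine the file lives at C:\Windows\System32\drivers\etc\hosts; reading it with `parse_hosts(open(path).read())` lets you confirm what the installed list actually blocks.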
Old 08-11-2017, 02:30 AM   #20
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------