
PC has gotten slow

This is a discussion on PC has gotten slow within the Resolved HJT Threads forums, part of the Tech Support Forum category.
Old 07-07-2017, 07:59 PM   #1
TSF Enthusiast
 
Join Date: Oct 2003
Posts: 1,182
OS: XP Professional



A few months ago I updated my PC, which had been running Windows XP, to Windows 10. I changed my main HD to a Samsung SSD. Immediately I noticed my PC was much faster. I had not changed anything else except the HD and OS. Recently, in the past few weeks, my PC has become very slow. The only real change to my knowledge is I adjusted my internet speeds through my ISP. I lowered it but to my knowledge it is supposed to be at a minimum 25mbps. My internet does seem slow at times but usually it's my PC in general that is slow. I run Malwarebytes occasionally and have AVG antivirus. Thanks

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953
Run by ukbsk at 21:37:41 on 2017-07-07
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.4094.106 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Antivirus *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Windscribe\WindscribeService.exe
C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
C:\Users\ukbsk\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\Program Files (x86)\AVG\Setup\avgsetupx.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe
C:\Users\ukbsk\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
svchost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\BackgroundTransferHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={82DC8F58-9144-405E-9322-8922D66BBB03}&mid=f1f3e9ddd43247cf8c3cd1543b36bffd-bb9a1d0f432bd967561b35048650c4cb794a2fb2&lang=en&ds=AVG&coid=avgtbavg&cmpid=0517tb&pr=fr&d=2017-01-26 00:21:31&v=4.3.7.452&pid=wtu&sg=&sap=hp
uLocal Page = %11%\blank.htm
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
uRun: [OneDrive] "C:\Users\ukbsk\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Windscribe] C:\Program Files (x86)\Windscribe\Windscribe.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 75.75.75.75 75.75.76.76 75.75.76.76 75.75.76.76
TCP: Interfaces\{07924db2-44d5-4a50-b86f-96a98701c987} : DHCPNameServer = 10.110.234.1
TCP: Interfaces\{59c00cd1-0e57-4b32-b4a9-ca83ebb8a71a} : DHCPNameServer = 75.75.75.75 75.75.76.76 75.75.76.76 75.75.76.76
TCP: Interfaces\{bbbd2ab0-018c-4933-b792-f15272fd5611} : DHCPNameServer = 10.110.182.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
x64-Run: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
x64-Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ukbsk\AppData\Roaming\Mozilla\Firefox\Profiles\qr07vecu.default-1490668017164\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\MediaMall\toolbar\npVT.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\ukbsk\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-20 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-11-20 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-20 227328]
R1 avgbdisk;avgbdisk;C:\WINDOWS\System32\drivers\avgbdiska.sys [2017-6-6 166624]
R1 avgbidsdriver;avgbidsdriver;C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [2017-6-6 313616]
R1 avgRdr;avgRdr;C:\WINDOWS\System32\drivers\avgRdr2.sys [2017-6-6 102792]
R1 avgSnx;avgSnx;C:\WINDOWS\System32\drivers\avgSnx.sys [2017-6-6 1008288]
R1 avgSP;avgSP;C:\WINDOWS\System32\drivers\avgSP.sys [2017-6-6 578048]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-12-9 753240]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2246256]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 AVG Antivirus;AVG Antivirus;C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [2017-6-28 264432]
R2 avgMonFlt;avgMonFlt;C:\WINDOWS\System32\drivers\avgMonFlt.sys [2017-6-6 139112]
R2 avgStm;avgStm;C:\WINDOWS\System32\drivers\avgStm.sys [2017-6-6 191208]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2017-7-3 1428656]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2016-9-7 21216]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-1-5 4470736]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2017-5-17 8315664]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-2 462784]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2017-1-2 1163712]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-1-2 425408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2017-1-2 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-20 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WindscribeService;WindscribeService;C:\Program Files (x86)\Windscribe\WindscribeService.exe [2017-5-12 71272]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 avgbIDSAgent;avgbIDSAgent;C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [2017-6-28 7481648]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-1-5 252832]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-1-2 46016]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 tapwindscribe0901;Windscribe VPN;C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [2017-5-11 54896]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 vToolbarUpdater40.3.7;vToolbarUpdater40.3.7;"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe" --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [?]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 avgHwid;avgHwid;C:\WINDOWS\System32\drivers\avgHwid.sys [2017-6-6 39424]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-20 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2017-1-3 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-1-5 91584]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-20 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2016-11-20 113152]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-2 462784]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-1-2 27584]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-11 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-15 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2017-1-3 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-20 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2016-3-28 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-15 719872]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-11 347320]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-15 258560]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-11-20 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-07-07 22:27:30 1192392 ----a-w- C:\WINDOWS\isRS-000.tmp
2017-07-01 14:18:51 -------- d-s---w- C:\WINDOWS\UpdateAssistantV2
2017-06-29 03:23:22 -------- d-----w- C:\Users\ukbsk\AppData\Local\Wondershare
2017-06-29 03:23:18 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2017-06-29 03:21:36 1250304 ----a-w- C:\WINDOWS\System32\CFDecode64.ax
2017-06-29 03:21:24 -------- d-----w- C:\ProgramData\Wondershare Video Editor
2017-06-29 03:21:23 -------- d-----w- C:\Program Files\Wondershare
2017-06-29 02:30:13 401584 ----a-w- C:\WINDOWS\System32\avgBoot.exe
2017-06-27 22:46:46 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8861F360-7DB6-4AB5-A6B0-FF882BF998AA}\mpengine.dll
2017-06-27 22:44:55 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2017-06-26 02:45:43 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-06-17 22:51:34 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEC5BC2F-4FBA-4408-8E1A-DBF10679E486}\gapaengine.dll
.
==================== Find3M ====================
.
2017-07-08 02:23:23 252832 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-07-01 14:27:57 353744 ----a-w- C:\WINDOWS\System32\drivers\avgvmm.sys
2017-06-29 02:30:09 76832 ----a-w- C:\WINDOWS\System32\drivers\avgRvrt.sys
2017-06-29 02:30:09 578048 ----a-w- C:\WINDOWS\System32\drivers\avgSP.sys
2017-06-29 02:30:09 39424 ----a-w- C:\WINDOWS\System32\drivers\avgHwid.sys
2017-06-29 02:30:09 191208 ----a-w- C:\WINDOWS\System32\drivers\avgStm.sys
2017-06-29 02:30:09 139112 ----a-w- C:\WINDOWS\System32\drivers\avgMonFlt.sys
2017-06-29 02:30:09 102792 ----a-w- C:\WINDOWS\System32\drivers\avgRdr2.sys
2017-06-29 02:30:00 1008288 ----a-w- C:\WINDOWS\System32\drivers\avgSnx.sys
2017-06-29 02:29:56 51336 ----a-w- C:\WINDOWS\System32\drivers\avgbuniva.sys
2017-06-29 02:29:56 336896 ----a-w- C:\WINDOWS\System32\drivers\avgbloga.sys
2017-06-29 02:29:56 313616 ----a-w- C:\WINDOWS\System32\drivers\avgbidsdrivera.sys
2017-06-29 02:29:56 192584 ----a-w- C:\WINDOWS\System32\drivers\avgbidsha.sys
2017-06-29 02:29:56 166624 ----a-w- C:\WINDOWS\System32\drivers\avgbdiska.sys
2017-06-18 00:34:06 118272 ----a-w- C:\WINDOWS\SysWow64\AppointmentActivation.dll
2017-06-06 15:00:31 565416 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF327.tmp
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF307.tmp
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF2F6.tmp
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF2D6.tmp
2017-06-06 14:38:34 0 ----a-w- C:\WINDOWS\System32\drivers\aswF2B6.tmp
2017-06-03 10:50:15 192856 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
2017-06-03 10:50:04 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2017-06-03 10:16:14 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2017-06-03 10:14:28 379232 ----a-w- C:\WINDOWS\System32\atmfd.dll
2017-06-03 10:14:27 629088 ----a-w- C:\WINDOWS\System32\generaltel.dll
2017-06-03 10:14:27 1564512 ----a-w- C:\WINDOWS\System32\appraiser.dll
2017-06-03 10:14:27 1214816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2017-06-03 10:14:26 96608 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2017-06-03 10:14:26 544096 ----a-w- C:\WINDOWS\System32\devinv.dll
2017-06-03 10:14:26 334176 ----a-w- C:\WINDOWS\System32\invagent.dll
2017-06-03 10:14:26 233824 ----a-w- C:\WINDOWS\System32\aepic.dll
2017-06-03 10:14:26 136032 ----a-w- C:\WINDOWS\System32\acmigration.dll
2017-06-03 10:14:25 136024 ----a-w- C:\WINDOWS\System32\ImplatSetup.dll
2017-06-03 10:14:23 335712 ----a-w- C:\WINDOWS\System32\dcntel.dll
2017-06-03 10:14:20 34648 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2017-06-03 10:11:29 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-06-03 10:11:25 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2017-06-03 10:09:08 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-06-03 10:08:10 7783256 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-06-03 1040 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-06-03 10:01:49 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-06-03 09:59:51 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-06-03 09:59:40 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2017-06-03 09:59:25 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-06-03 09:58:13 340832 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-06-03 09:55:19 780640 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-06-03 09:54:24 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2017-06-03 09:53:07 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-06-03 09:52:57 1021784 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2017-06-03 09:52:38 111968 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2017-06-03 09:52:31 607072 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-06-03 09:51:09 2187104 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-06-03 09:51:02 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2017-06-03 09:50:35 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-06-03 09:50:15 381792 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2017-06-03 09:49:28 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-06-03 09:49:27 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2017-06-03 09:48:48 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2017-06-03 09:48:44 1112416 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2017-06-03 09:48:39 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2017-06-03 09:48:28 857952 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-06-03 09:48:26 148832 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2017-06-03 09:44:54 1412640 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-06-03 09:44:50 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-06-03 09:44:34 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-06-03 09:40:36 1566552 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-06-03 09:40:33 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2017-06-03 09:39:35 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2017-06-03 09:39:09 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-06-03 09:39:04 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-06-03 09:33:14 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-06-03 09:32:12 2560 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2017-06-03 09:31:50 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2017-06-03 09:31:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-06-03 09:28:56 232448 ----a-w- C:\WINDOWS\SysWow64\edputil.dll
2017-06-03 09:28:32 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-06-03 09:26:16 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2017-06-03 09:26:00 100352 ----a-w- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
2017-06-03 09:23:57 306688 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-06-03 09:22:56 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2017-06-03 09:22:53 181760 ----a-w- C:\WINDOWS\SysWow64\tcpipcfg.dll
2017-06-03 09:22:36 327168 ----a-w- C:\WINDOWS\SysWow64\netcorehc.dll
2017-06-03 09:22:29 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-06-03 09:20:21 755712 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2017-06-03 09:19:49 1164288 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2017-06-03 09:18:28 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-06-03 09:16:30 119808 ----a-w- C:\WINDOWS\System32\UserDataTimeUtil.dll
2017-06-03 09:16:27 709120 ----a-w- C:\WINDOWS\SysWow64\CPFilters.dll
2017-06-03 09:16:24 2560 ----a-w- C:\WINDOWS\System32\tzres.dll
2017-06-03 09:15:41 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-06-03 09:15:38 53248 ----a-w- C:\WINDOWS\System32\musdialoghandlers.dll
2017-06-03 09:15:21 886272 ----a-w- C:\WINDOWS\SysWow64\aadtb.dll
2017-06-03 09:15:20 41472 ----a-w- C:\WINDOWS\System32\drivers\BasicRender.sys
2017-06-03 09:14:44 124416 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2017-06-03 09:14:35 45056 ----a-w- C:\WINDOWS\System32\atmlib.dll
2017-06-03 09:14:18 98304 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
2017-06-03 09:14:01 238592 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2017-06-03 09:12:49 27136 ----a-w- C:\WINDOWS\SysWow64\fdProxy.dll
2017-06-03 09:12:28 175104 ----a-w- C:\WINDOWS\System32\wbem\netswitchteamcim.dll
.
============= FINISH: 21:40:48.81 ===============
Attached Files
File Type: txt attach.txt (11.1 KB, 235 views)
ukbsktbll is offline  
Old 07-10-2017, 09:38 PM   #2
TSF Enthusiast
 


Bump plz. Thanks
ukbsktbll is offline  
Old 07-13-2017, 02:31 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see no sign of infection in your logs. Your slowness issue is likely beyond malware.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-16-2017, 09:48 PM   #4
TSF Enthusiast
 


Tried to copy frst.txt but said too many characters

# AdwCleaner v6.047 - Logfile created 16/07/2017 at 23:29:14
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-13.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : ukbsk - DESKTOP-ORSL5CO
# Running from : C:\Users\ukbsk\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: vToolbarUpdater40.3.7
[-] Service deleted: WtuSystemSupport


***** [ Folders ] *****

[-] Folder deleted: C:\Users\ukbsk\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Users\ukbsk\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Files ] *****

[-] File deleted: C:\Users\ukbsk\AppData\Roaming\Mozilla\Firefox\Profiles\qr07vecu.default-1490668017164\extensions\[email protected]
[-] File deleted: C:\Users\ukbsk\AppData\Roaming\Mozilla\Firefox\Profiles\qr07vecu.default-1490668017164\searchplugins\avg-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[-] Data restored: HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Key deleted: HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Web browsers ] *****

[-] [C:\Users\ukbsk\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chfdnecihphmhljaaejmgoiahnihplgn


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5488 Bytes] - [16/07/2017 23:29:14]
C:\AdwCleaner\AdwCleaner[S0].txt - [6218 Bytes] - [16/07/2017 23:16:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5634 Bytes] ##########
Attached Files
File Type: txt Addition.txt (41.8 KB, 10 views)
File Type: txt FRST.txt (103.7 KB, 9 views)
ukbsktbll is offline  
Old 07-16-2017, 10:51 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 



Hello ukbsktbll. How long have you had AVG installed? AVG tends to be very resource intensive, and may be responsible for your slowness issues.

We can try uninstalling AVG later and see if that makes a difference.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------

I see you have P2P software ( Vuze ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------

Open Chrome and copy/paste the following bolded text into your Chrome browser address bar and press Enter:

chrome://extensions

Click the trash can icon by Ebates.

When prompted, click 'Remove'. Restart Chrome.

---------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" 
    HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\...\MountPoints2: {6c2233f7-ceb4-11e6-9bc1-806e6f6e6963} - "D:\setup.exe" 
    HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
    SearchScopes: HKU\S-1-5-21-1945368319-2339327641-2294299375-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll => No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    2017-06-29 03:29 - 2017-05-12 09:33 - 00000000 ____D C:\Users\ukbsk\AppData\Roaming\Azureus
    C:\Users\ukbsk\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
chemist is offline  
Old 07-18-2017, 08:02 AM   #6
TSF Enthusiast
 


Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by ukbsk (17-07-2017 18:23:49) Run:1
Running from C:\Users\ukbsk\Desktop
Loaded Profiles: ukbsk (Available Profiles: ukbsk)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\...\MountPoints2: {6c2233f7-ceb4-11e6-9bc1-806e6f6e6963} - "D:\setup.exe"
HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1945368319-2339327641-2294299375-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll => No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
2017-06-29 03:29 - 2017-05-12 09:33 - 00000000 ____D C:\Users\ukbsk\AppData\Roaming\Azureus
C:\Users\ukbsk\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c2233f7-ceb4-11e6-9bc1-806e6f6e6963} => key removed successfully
HKLM\Software\Classes\CLSID\{6c2233f7-ceb4-11e6-9bc1-806e6f6e6963} => key not found.
HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1945368319-2339327641-2294299375-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
C:\Users\ukbsk\AppData\Roaming\Azureus => moved successfully
"C:\Users\ukbsk\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 118781 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 277643722 B
Java, Flash, Steam htmlcache => 18182 B
Windows/system/drivers => 1475463836 B
Edge => 8440089 B
Chrome => 822361962 B
Firefox => 112712778 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 208558895 B
systemprofile32 => 130 B
LocalService => 83090 B
NetworkService => 122869464 B
ukbsk => 708680284 B

RecycleBin => 6939614 B
EmptyTemp: => 3.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:37:59 ====
ukbsktbll is offline  
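One way to read the Fixlog.txt above programmatically, as an added example that is not part of the thread or of FRST: it skips the echoed fixlist, tallies result lines by outcome, and cross-checks the EmptyTemp total against the itemised byte counts. The function names and the three status labels (changed, absent, review) are assumptions of this example; the log text is an excerpt of the post above.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt posted above: part of the fixlist echo, some result
# lines and the whole EmptyTemp section, copied unchanged.
FIXLOG = r"""
fixlist content:
*****************
start
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
C:\Users\ukbsk\AppData\Roaming\Azureus => moved successfully
"C:\Users\ukbsk\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 118781 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 277643722 B
Java, Flash, Steam htmlcache => 18182 B
Windows/system/drivers => 1475463836 B
Edge => 8440089 B
Chrome => 822361962 B
Firefox => 112712778 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 208558895 B
systemprofile32 => 130 B
LocalService => 83090 B
NetworkService => 122869464 B
ukbsk => 708680284 B

RecycleBin => 6939614 B
EmptyTemp: => 3.5 GB temporary data Removed.

================================
"""

# Result phrases that appear in the log above and mean the system was modified.
CHANGED = ("removed successfully", "restored successfully", "moved successfully")


def classify(outcome):
    """Map a result phrase to one of the labels used by this example."""
    text = outcome.rstrip(".").lower()
    if text.endswith(CHANGED):
        return "changed"
    if text.endswith("not found"):
        return "absent"      # the item was already gone when the fix ran
    return "review"          # wording not seen in this log: leave it to a human


def parse_fixlog(text):
    results, temp_bytes, reported_gb = [], {}, None
    in_echo = in_temp = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:      # asterisk rows bracket the fixlist echo
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue                         # echoed directives also contain " => "
        if line.startswith("=") and "EmptyTemp" in line:
            in_temp = True
            continue
        if in_temp and set(line) == {"="}:
            in_temp = False
            continue
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue                         # narrative lines carry no result
        if in_temp:
            size = re.fullmatch(r"(\d+) B", outcome)
            total = re.match(r"([\d.]+) GB", outcome)
            if size:
                temp_bytes[target] = int(size.group(1))
            elif total:
                reported_gb = float(total.group(1))
            continue
        results.append((target.strip('"'), classify(outcome)))
    return results, temp_bytes, reported_gb


def summarize(text):
    results, temp_bytes, reported_gb = parse_fixlog(text)
    total = sum(temp_bytes.values())
    return {
        "counts": Counter(status for _, status in results),
        "absent": [target for target, status in results if status == "absent"],
        "temp_total_bytes": total,
        # In this log the itemised bytes agree with the reported figure when GB
        # is read as 2**30 bytes (an observation from these numbers only).
        "temp_total_gib": round(total / 2**30, 1),
        "reported_gb": reported_gb,
    }


if __name__ == "__main__":
    print(summarize(FIXLOG))
```

The "absent" list is the part worth reading closely: those targets were named in the fixlist but no longer existed when the fix ran, which is different from a removal that failed.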
Old 07-18-2017, 07:37 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 



Hello again, ukbsktbll.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
chemist is offline  
Old 07-22-2017, 09:24 PM   #8
TSF Enthusiast
 


Sorry for no response for a few days. I am now working on these last two requests. I have had AVG prob since I upgraded to Windows 10. I am not set on it as the antivirus I must use if a better one is recommended. I will post the next two requested items within the next day. Thanks
ukbsktbll is offline  
Old 07-23-2017, 05:03 AM   #9
TSF Enthusiast
 


Here are those two logs. Thanks
Attached Files
File Type: txt estonlinescanner.txt (4.9 KB, 5 views)
File Type: txt MBAM.txt (5.8 KB, 5 views)
ukbsktbll is offline  
Old 07-23-2017, 03:14 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 



Hello again, ukbsktbll. I'll leave it up to you whether to delete those ESET finds or not.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{49AB2080-7813-477F-835E-946DFD2CE4AA}]
"SystemComponent"=-

Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Try using the built-in Windows Defender. Just re-enable Windows Defender.

Windows Defender has been upgraded to an antivirus for Windows 10. You do not need to install another antivirus.

Windows Defender in Windows 10 resembles Microsoft Security Essentials and uses the same virus definitions:

https://en.wikipedia.org/wiki/Windows_Defender

Please uninstall all instances of AVG via Programs and Features in your Control Panel then reboot.

------------------------------------------------------

Let me know how it goes.

------------------------------------------------------
chemist is offline  
Old 07-25-2017, 10:26 AM   #11
TSF Enthusiast
 


So far seems a little faster but I have just recently finished the last few tasks including removing AVG. Thanks
ukbsktbll is offline  
Old 07-25-2017, 07:27 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 



You're welcome. Let me know.
chemist is offline  
Old 08-05-2017, 08:13 AM   #13
TSF Enthusiast
 


I feel like at times it's a little faster but not much. I had downgraded my internet so ran a speedtest just to see. Ping 34ms, download 28.5 upload 6.0. I will be upgrading my PC soon so I guess that will fix all these issues.
ukbsktbll is offline  
Old 08-05-2017, 03:28 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 



Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go File > Uninstall > Yes

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 08-11-2017, 02:37 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mysterious slow downloads
I've had this problem for a few months now. Some, but not all, of my downloads are intolerably slow. It's not a general internet speed issue; speed tests clock in at the expected rate (1.5-2 MB/s), and surfing webpages feels normal. The downloads in question are through websites like Keep2share,...
MedFive File and Application Sharing 1 03-01-2015 02:51 PM
My system running slow
:dance: Hi There!! I shall be very thankful if anybody guide/help me to resolve my computer's slow running issue. My system configuration is as follows: Windows edition: Windows 7 professional - Service pack 1 System:
Binyamin911 Windows 7 , Windows Vista Support 2 07-25-2014 02:23 PM
Win7: Suddenly SLOW, but normal mem usage
(Typing from Safe Mode) My machine: Asus G73Jh laptop Windows 7 64-bit Home Premium SP1 ATI Mobility Radeon™ HD 5800 Intel Core i7 Q720 1.60GHz 8 GB RAM 1TB hard drive, pre-partitioned into 3 segments, 2 of those with about 30% free and one nearly full (not the one with the Windows, etc....
bjj8383 Windows 7 , Windows Vista Support 2 03-29-2011 05:34 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 01:27 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts