Windows 7 suddenly slow, hangs in every app

Old 03-19-2018, 07:28 AM   #1
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18939
Run by Sophie at 10:18:33 on 2018-03-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8111.4755 [GMT -4:00]
.
AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Everything\Everything.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxpers.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon-x64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: ZeonIEEventHelper Class: {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHRASE~1.LNK - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EF0DE353-D50E-4C6A-A6EE-C63EA259F3D8} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= acaptuser32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ajanklf9.default-1513809574451\
FF - prefs.js: browser.startup.homepage - hxxps://yourvibration.com/reclaim/forums/forum/participants-2
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\nppdf.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Sophie\AppData\Roaming\Zoom\bin\npzoomplugin.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_29_0_0_113.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\Windows\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\Windows\System32\drivers\klbackupdisk.sys [2016-6-7 63920]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\Windows\System32\drivers\klbackupflt.sys [2016-6-15 86352]
R1 klhk;Kaspersky Lab service driver;C:\Windows\System32\drivers\klhk.sys [2016-6-20 348376]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2016-6-20 57024]
R1 klpd;Kaspersky Lab format recognizer driver;C:\Windows\System32\drivers\klpd.sys [2016-5-31 45488]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2016-5-17 75696]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\Windows\System32\drivers\klwtp.sys [2016-6-2 135904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2016-6-14 199640]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [2016-6-28 241544]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 Everything;Everything;C:\Program Files\Everything\Everything.exe [2016-11-1 2197608]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2016-5-31 78216]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2017-8-16 5261584]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2016-3-18 248840]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 70168]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2016-10-31 195288]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2016-5-19 52144]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2015-6-7 41648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-4 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-3 128608]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-3-13 116224]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2017-4-4 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2017-4-4 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2017-4-4 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2017-3-9 1255736]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\NotePro.exe="C:\Program Files (x86)\NoteTab 7\NotePro.exe" "%1" [UserChoice]
ShellExec: EDITPLUS.EXE: open=EDITPLUS.EXE
ShellExec: EDITPLUS.EXE: print=EDITPLUS.EXE
.
=============== Created Last 30 ================
.
2018-03-16 06:10:35 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F65AD16E-8A6D-4C34-B5B0-8F3E1DBF6430}\offreg.4512.dll
2018-03-16 06:08:01 14453336 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F65AD16E-8A6D-4C34-B5B0-8F3E1DBF6430}\mpengine.dll
2018-03-13 20:59:59 95424 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2018-03-05 22:44:58 -------- d-----w- C:\Users\Sophie\AppData\Roaming\obs-studio
2018-03-05 22:43:12 -------- d-----w- C:\Program Files (x86)\obs-studio
2018-03-03 17:23:20 -------- d-----w- C:\Program Files\CCleaner
2018-02-21 18:29:57 -------- d-----w- C:\Program Files\The Bat!
.
==================== Find3M ====================
.
2018-03-13 21:04:00 130364688 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2018-03-13 11:05:06 804352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2018-03-13 11:05:06 144896 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2018-03-09 03:39:08 708288 ----a-w- C:\Windows\System32\winload.efi
2018-03-09 03:39:08 5580992 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-03-09 03:39:06 154816 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-03-09 03:18:13 631640 ----a-w- C:\Windows\System32\winresume.efi
2018-03-09 03:14:21 4044992 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2018-03-09 03:14:21 4025536 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2018-03-09 03:09:10 1665336 ----a-w- C:\Windows\System32\ntdll.dll
2018-03-09 02:47:00 1314064 ----a-w- C:\Windows\SysWow64\ntdll.dll
2018-03-09 02:38:24 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2018-03-09 02:38:19 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2018-03-09 02:38:18 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2018-03-09 02:37:37 64512 ----a-w- C:\Windows\System32\auditpol.exe
2018-03-09 02:34:38 338432 ----a-w- C:\Windows\System32\conhost.exe
2018-03-09 02:34:09 129536 ----a-w- C:\Windows\System32\drivers\videoprt.sys
2018-03-09 02:33:50 296960 ----a-w- C:\Windows\System32\rstrui.exe
2018-03-09 02:31:07 160256 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2018-03-09 02:30:33 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2018-03-09 02:30:31 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2018-03-09 02:29:48 30720 ----a-w- C:\Windows\System32\lsass.exe
2018-03-09 02:29:45 112640 ----a-w- C:\Windows\System32\smss.exe
2018-03-09 02:26:09 50688 ----a-w- C:\Windows\SysWow64\auditpol.exe
2018-03-09 02:22:48 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2018-03-09 02:22:47 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2018-03-09 02:22:47 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2018-03-09 02:22:46 2048 ----a-w- C:\Windows\SysWow64\user.exe
2018-03-09 02:22:01 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2018-03-09 02:21:55 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2018-03-09 02:21:55 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-09 02:21:55 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-09 02:21:55 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2018-03-01 08:36:18 3226112 ----a-w- C:\Windows\System32\win32k.sys
2018-02-22 03:28:38 217600 ----a-w- C:\Windows\System32\WinSCard.dll
2018-02-22 0340 134656 ----a-w- C:\Windows\SysWow64\WinSCard.dll
2018-02-21 09:59:57 57024 ----a-w- C:\Windows\System32\drivers\klim6.sys
2018-02-18 21:34:05 634272 ----a-w- C:\Windows\System32\winload.exe
2018-02-16 14:37:51 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2018-02-16 14:37:03 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2018-02-15 15:15:49 3241472 ----a-w- C:\Windows\System32\wininet.dll
2018-02-15 14:57:08 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2018-02-13 18:17:21 136384 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2018-02-13 18:10:15 655872 ----a-w- C:\Windows\System32\aeinv.dll
2018-02-13 14:05:17 740864 ----a-w- C:\Windows\System32\generaltel.dll
2018-02-13 14:05:17 600576 ----a-w- C:\Windows\System32\devinv.dll
2018-02-13 14:05:17 451072 ----a-w- C:\Windows\System32\centel.dll
2018-02-13 14:05:17 380928 ----a-w- C:\Windows\System32\invagent.dll
2018-02-13 14:05:17 262144 ----a-w- C:\Windows\System32\acmigration.dll
2018-02-13 14:05:17 237568 ----a-w- C:\Windows\System32\aepic.dll
2018-02-13 14:05:17 1994752 ----a-w- C:\Windows\System32\aitstatic.exe
2018-02-13 14:05:17 1560064 ----a-w- C:\Windows\System32\appraiser.dll
2018-02-10 18:23:59 330240 ----a-w- C:\Windows\SysWow64\zipfldr.dll
2018-02-10 18:23:37 111616 ----a-w- C:\Windows\SysWow64\racpldlg.dll
2018-02-10 18:23:27 2292224 ----a-w- C:\Windows\SysWow64\MSVidCtl.dll
2018-02-10 18:11:38 369664 ----a-w- C:\Windows\System32\zipfldr.dll
2018-02-10 18:11:21 119296 ----a-w- C:\Windows\System32\racpldlg.dll
2018-02-10 18:11:14 3665920 ----a-w- C:\Windows\System32\MSVidCtl.dll
2018-02-10 18:11:13 133120 ----a-w- C:\Windows\System32\msrahc.dll
2018-02-10 17:55:30 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2018-02-10 17:55:16 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2018-02-10 17:40:55 66560 ----a-w- C:\Windows\System32\iesetup.dll
2018-02-10 17:40:08 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2018-02-10 17:40:07 577536 ----a-w- C:\Windows\System32\vbscript.dll
2018-02-10 17:40:02 417280 ----a-w- C:\Windows\System32\html.iec
2018-02-10 17:37:20 5779968 ----a-w- C:\Windows\System32\jscript9.dll
2018-02-10 17:36:39 40960 ----a-w- C:\Windows\SysWow64\sdchange.exe
2018-02-10 17:36:38 108032 ----a-w- C:\Windows\SysWow64\msra.exe
2018-02-10 17:36:31 7168 ----a-w- C:\Windows\SysWow64\MsraLegacy.tlb
2018-02-10 17:28:04 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2018-02-10 17:28:03 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2018-02-10 17:27:40 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2018-02-10 17:26:05 653312 ----a-w- C:\Windows\System32\msra.exe
2018-02-10 17:26:03 51712 ----a-w- C:\Windows\System32\sdchange.exe
2018-02-10 17:25:56 7168 ----a-w- C:\Windows\System32\MsraLegacy.tlb
2018-02-10 17:25:26 9728 ----a-w- C:\Windows\System32\drivers\errdev.sys
2018-02-10 17:25:26 14336 ----a-w- C:\Windows\System32\drivers\wmiacpi.sys
2018-02-10 17:22:51 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2018-02-10 17:20:10 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2018-02-10 17:10:36 499712 ----a-w- C:\Windows\SysWow64\vbscript.dll
2018-02-10 17:10:28 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2018-02-10 17:10:21 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-02-10 17:09:59 87552 ----a-w- C:\Windows\System32\tdc.ocx
2018-02-10 17:09:45 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2018-02-10 17:09:34 341504 ----a-w- C:\Windows\SysWow64\html.iec
2018-02-10 17:00:29 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2018-02-10 17:00:05 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2018-02-10 16:47:54 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2018-02-10 16:47:38 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2018-02-10 16:47:29 2134016 ----a-w- C:\Windows\System32\inetcpl.cpl
2018-02-10 16:47:13 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2018-02-10 16:40:50 4496384 ----a-w- C:\Windows\SysWow64\jscript9.dll
2018-02-10 16:33:45 2058240 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2018-02-10 16:33:11 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2018-02-02 18:40:54 114368 ----a-w- C:\Windows\System32\consent.exe
2018-02-02 18:29:11 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2018-02-02 18:29:11 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2018-02-02 18:29:11 2365952 ----a-w- C:\Windows\SysWow64\msi.dll
2018-02-02 18:28:30 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
2018-02-02 18:16:17 504320 ----a-w- C:\Windows\System32\msihnd.dll
2016-11-07 12:12:48 1017792 --shatr- C:\Windows\SysWOW64\ActionCenterForms.dll
.
============= FINISH: 10:19:27.75 ===============

I installed Windows 7 Professional myself, so I think I still have access to the disk.
mavensophie is offline  
Old 03-19-2018, 07:57 AM   #2
Moderator, Editor, Articles Team
 
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,807
OS: Windows 7 Professional SP1



Hi,

Did you get attach.txt?
__________________
Regards, Dave.


Deejay100six is offline  
Old 03-19-2018, 09:22 AM   #3
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total



Hi Dave. I thought I attached it to my post... must have made a mistake. Here it is again.

I see what I did. I didn't press the upload button... oops, sorry about that.
Attached Files
File Type: txt attach.txt (4.2 KB, 7 views)
mavensophie is offline  
Old 03-19-2018, 10:33 AM   #4
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total



Dave,

I went into my control panel and uninstalled about 15 small programs I bought over the past year.

Suddenly my computer behaves normally.

I did that before I scanned for DDS.

Is it possible that it was inside those programs whatever was killing my computer? Or do I still have some virus-type lurking in the depths of my machine?
mavensophie is offline  
Old 03-20-2018, 03:52 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



If you aren't experiencing any problems, you should be good to go.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-20-2018, 03:57 PM   #6
Registered Member
 
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total



OK. Maybe I should. Thank you Chemist.
mavensophie is offline  
Old 03-23-2018, 03:48 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, mavensophie! Glad to have helped.
chemist is offline  
 
