Post-malvertising removal sluggishness

Tags: malvertising, trojans, slow


#1 shelovestomuse (Member, 121 posts)
Howdy! After reading the article by Sophos/Naked Security "Malvertising Meets the Daily Mail", I did a full scan that yielded four of the trojans they described, all marked as severe threats by Windows Defender.
 
Obviously, they all got quarantined and deleted.
 
The computer's still been running sluggishly since then, so I thought I'd come over and let y'all have a look at it and see if there's anything that I need to fix or be alarmed about.
 
(This is the second time I've tried to post this. The first time, it took a while and then came back with a broken page. I did check to make sure it hadn't posted anyway before doing this rewrite.)
 
Here are the FRST logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Laptop (administrator) on LAPTOP-PC (09-11-2015 08:58:52)
Running from C:\Users\Laptop\Desktop
Loaded Profiles: Laptop (Available Profiles: Laptop)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Laptop\AppData\Roaming\AnyMeeting\anymeeting.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Users\Laptop\AppData\Roaming\AnyMeeting\anymeeting.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-02-08] (Intel® Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-10-28] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [115968 2013-07-23] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3021901086-337452860-1090711334-1000\...\Run: [GoogleChromeAutoLaunch_91B4BC4B9D616919C5D60BDCE2C341BB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-3021901086-337452860-1090711334-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyMeeting.lnk [2015-03-23]
ShortcutTarget: AnyMeeting.lnk -> C:\Users\Laptop\AppData\Roaming\Microsoft\Installer\{4DF71428-E2A8-4FED-8D67-B37D706D008F}\_0069DB8BE13A1BAE92D27C.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{103212A1-1ECF-4DF0-9805-0A8613F06C04}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39E7204A-0B8D-4B9C-AA1B-D01E60040436}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{6526ADE7-9804-4311-86EF-2DEB5BB0B273}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3021901086-337452860-1090711334-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-3021901086-337452860-1090711334-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-29] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-29] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3021901086-337452860-1090711334-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Laptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-3021901086-337452860-1090711334-1000: @cnw.com/cnwplugin -> C:\Users\Laptop\AppData\Roaming\AnyMeeting\npcnwplugin.dll [2014-12-10] (AnyMeeting, Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxp://gmail.com/","hxxps://us-mg5.mail.yahoo.com/neo/launch?.partner=vz-acs&.rand=36voaumdhao70","hxxp://doterra.myvoffice.com/","hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1","hxxp://forecast.weather.gov/MapClick.php?CityName=College+Station&state=TX&site=HGX&lat=30.6005&lon=-96.3124#.U8FTuvldVZ8","hxxp://collegestation.craigslist.org/","hxxp://forecast.weather.gov/MapClick.php?lat=37.16569731787803&lon=-93.312665848949&site=all&smap=1#.VVlpx_lVikp"
CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Pin It Button) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-10-28] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-06] (BayHubTech/O2Micro International)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{D80911CB-16D5-4F38-B380-F38DC58846C3}
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87424 2012-10-22] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-03-05] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-10-18] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [209720 2014-03-25] (BayHubTech/O2Micro )
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-09 08:58 - 2015-11-09 08:59 - 00017819 _____ C:\Users\Laptop\Desktop\FRST.txt
2015-11-09 08:57 - 2015-11-09 08:58 - 00000000 ____D C:\FRST
2015-11-09 08:55 - 2015-11-09 08:56 - 02198528 _____ (Farbar) C:\Users\Laptop\Desktop\FRST64.exe
2015-11-03 10:35 - 2015-11-03 10:35 - 00000000 ____D C:\Users\Laptop\AppData\Local\CEF
2015-11-02 09:45 - 2015-11-04 22:49 - 00011030 _____ C:\Users\Laptop\Desktop\tamales_orders_Dec2015.xlsx
2015-10-30 11:12 - 2015-11-03 10:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-30 11:12 - 2015-10-30 11:12 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-30 11:12 - 2015-10-30 11:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-14 14:04 - 2015-10-28 14:16 - 00000000 ____D C:\Users\Laptop\Desktop\etchinginfo
2015-10-14 13:26 - 2015-10-14 13:29 - 07062460 _____ C:\Users\Laptop\Desktop\etchinginfo2.zip
2015-10-14 13:25 - 2015-10-14 13:29 - 10301903 _____ C:\Users\Laptop\Desktop\etchinginfo.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-09 08:49 - 2015-06-01 05:35 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3021901086-337452860-1090711334-1000.job
2015-11-09 08:37 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-09 08:37 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-09 08:27 - 2014-09-03 17:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-09 08:24 - 2009-07-13 23:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-09 08:22 - 2014-09-03 22:41 - 01428875 _____ C:\Windows\WindowsUpdate.log
2015-11-09 08:21 - 2014-09-03 18:06 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-11-09 08:20 - 2015-03-23 13:13 - 00000000 ____D C:\Users\Laptop\AppData\Local\AnyMeeting
2015-11-09 08:20 - 2014-12-10 14:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 08:19 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-09 08:19 - 2009-07-13 22:51 - 00097035 _____ C:\Windows\setupact.log
2015-11-09 08:19 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-11-08 22:17 - 2014-09-24 11:53 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3021901086-337452860-1090711334-1000.job
2015-11-08 22:06 - 2014-12-10 14:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 06:27 - 2014-09-11 09:42 - 00000000 ____D C:\Users\Laptop\Desktop\doTERRA
2015-11-06 16:19 - 2015-06-01 05:35 - 00003694 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3021901086-337452860-1090711334-1000
2015-11-06 16:19 - 2014-09-24 11:53 - 00003598 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3021901086-337452860-1090711334-1000
2015-11-05 08:34 - 2014-09-24 11:52 - 00000000 ____D C:\Users\Laptop\AppData\Local\Citrix
2015-11-05 06:30 - 2009-07-13 23:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-04 14:10 - 2015-02-18 16:22 - 00000000 ____D C:\Users\Laptop\Desktop\Driver Ed
2015-11-03 10:35 - 2014-09-10 19:59 - 00000000 ____D C:\Users\Laptop\AppData\Local\Adobe
2015-10-31 09:13 - 2010-11-20 21:47 - 00242878 _____ C:\Windows\PFRO.log
2015-10-30 11:12 - 2014-12-30 16:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 11:12 - 2014-09-10 20:17 - 00000000 ____D C:\ProgramData\Adobe
2015-10-29 20:47 - 2014-09-04 08:15 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 21:44 - 2015-01-16 08:17 - 00000000 ____D C:\Users\Laptop\Desktop\Stinky and Stacey
2015-10-22 21:57 - 2014-12-10 14:31 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-21 10:11 - 2014-10-20 11:18 - 00000367 _____ C:\Users\Laptop\Sti_Trace.log
2015-10-19 19:22 - 2015-03-14 22:22 - 00000000 ____D C:\Users\Laptop\Desktop\Photos
 
==================== Files in the root of some directories =======
 
2015-07-30 05:23 - 2015-07-30 05:23 - 0003584 _____ () C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Users\Laptop\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-05 20:04
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Laptop (2015-11-09 08:59:20)
Running from C:\Users\Laptop\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-09-04 02:22:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3021901086-337452860-1090711334-500 - Administrator - Disabled)
Guest (S-1-5-21-3021901086-337452860-1090711334-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3021901086-337452860-1090711334-1002 - Limited - Enabled)
Laptop (S-1-5-21-3021901086-337452860-1090711334-1000 - Administrator - Enabled) => C:\Users\Laptop
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
AnyMeeting (HKLM-x32\...\{4DF71428-E2A8-4FED-8D67-B37D706D008F}) (Version: 3.1.0 - AnyMeeting, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.4.2.3880 (HKU\S-1-5-21-3021901086-337452860-1090711334-1000\...\GoToMeeting) (Version: 7.4.2.3880 - CitrixOnline)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 19.0.27.1 (HKLM\...\PROSetDX) (Version: 19.0.27.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.7.1000 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® WiDi (HKLM\...\{62E7C369-64FF-452C-8F46-6BE9B77FF097}) (Version: 4.0.18.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13291.0 - Linksys LLC)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3021901086-337452860-1090711334-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3021901086-337452860-1090711334-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points =========================
 
18-10-2015 12:11:28 Windows Update
21-10-2015 19:53:16 Windows Update
25-10-2015 13:40:36 Windows Update
29-10-2015 11:45:42 Windows Update
03-11-2015 07:09:49 Windows Update
06-11-2015 16:08:38 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0222DD64-BBA5-4E22-8C46-A6A527508A89} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {1B5729FE-F2C4-4F48-BF45-38953A977869} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5AB9185C-7E6C-4F99-AF72-DD60856614CE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {6730883E-99D8-4EFA-BED7-1115AF15CC49} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {68262B81-808E-48BA-87A0-70951AF1C282} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {72277CDE-C827-40A2-88F5-06BC06DDDB59} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {72F8FD5B-8072-4D73-AA16-2C204D264936} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8B22CBB7-9B33-4472-B151-1FD36E68AAC6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-03] (Adobe Systems Incorporated)
Task: {8D87563A-5209-4072-AC0A-CE8A7EC682AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9361DBCB-A79F-474D-B614-CA1CE8C675E6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9B51528B-5E67-4F4A-8A7A-4FAEF2F0B13C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A1EC759E-C092-4791-B04D-71EE82E09A17} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {A3928D13-3164-4099-AA1D-C13737C49902} - System32\Tasks\G2MUploadTask-S-1-5-21-3021901086-337452860-1090711334-1000 => C:\Users\Laptop\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe [2015-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B6FF8C75-B291-4508-A0EC-3C5F04D64A67} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D08D3616-6649-4F4A-91A7-63B5A9E1CF95} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {FF4C5D54-9157-4F85-94C9-6A039C9D4F1D} - System32\Tasks\G2MUpdateTask-S-1-5-21-3021901086-337452860-1090711334-1000 => C:\Users\Laptop\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe [2015-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3021901086-337452860-1090711334-1000.job => C:\Users\Laptop\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3021901086-337452860-1090711334-1000.job => C:\Users\Laptop\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-04 08:15 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-29 20:43 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-03 18:06 - 2014-03-12 11:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-09-03 18:06 - 2014-03-12 11:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-09-03 18:06 - 2014-03-12 11:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-12-10 09:20 - 2014-12-10 09:20 - 50935552 _____ () C:\Users\Laptop\AppData\Roaming\AnyMeeting\anymeeting.exe
2014-12-10 09:20 - 2014-12-10 09:20 - 00886656 _____ () C:\Users\Laptop\AppData\Roaming\AnyMeeting\ffmpegsumo.dll
2015-10-22 21:57 - 2015-10-20 08:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-22 21:57 - 2015-10-20 08:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2014-09-03 17:57 - 2013-11-13 15:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3021901086-337452860-1090711334-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6DCE68FA-3112-4A8A-94E2-D57EC19B9AF1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A15D0D91-C16F-4E8A-AAA4-F1B23D5E65BF}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{5A49ED6B-F9D7-46FD-B2CA-CE45D0D27B68}] => (Allow) C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2A868C58-EF82-4231-BD71-3453215DD496}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{57BA2018-7C7B-4E79-8003-CF91DEABFCC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{029C2ACF-8DCF-45EC-92EF-7F69525F4A1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F558D26C-E880-4B0D-A762-77A929B118A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3F9438EB-159C-4517-979E-37AAE8F6A77E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{70453EBE-9CE0-4EDA-9E39-882946094A99}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/09/2015 08:19:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/09/2015 06:28:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/08/2015 06:41:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/07/2015 06:35:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/07/2015 10:15:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/07/2015 05:06:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2015 08:49:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2015 03:56:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2015 07:10:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/05/2015 07:03:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/09/2015 08:20:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/09/2015 06:29:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/08/2015 06:51:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (11/08/2015 06:51:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (11/08/2015 06:42:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/07/2015 06:36:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/07/2015 10:16:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/07/2015 05:07:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/06/2015 08:50:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/06/2015 03:57:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
CodeIntegrity:
===================================
  Date: 2014-09-18 16:18:31.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-18 16:18:31.811
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4300M CPU @ 2.60GHz
Percentage of memory in use: 28%
Total physical RAM: 8097.53 MB
Available physical RAM: 5749.34 MB
Total Virtual: 16193.26 MB
Available Virtual: 13672.34 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.43 GB) (Free:339.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 3E41F8D5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I don't see any malware so let's check for damage it might have done:
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
Please post the Output log in your next reply then repeat but select Application.
 
 (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  
 
Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File). Uninstall Speccy.
 

  • 0
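The Verified Signer check above is what a reviewer does by eye when reading a pasted Process Explorer listing. As an added example (not code from this thread, from Sysinternals, or from any poster), the script below parses the tab-delimited Procexp.txt that File, Save As writes once Verified Signer is shown and Verify Image Signatures is enabled, and lists every real process whose image was not reported as "(Verified)". The SAMPLE_PROCEXP_TXT input is constructed for this example and only modelled on the format of the listings pasted in this thread; the column order and the pseudo-process names it skips are assumptions.

```python
"""Triage the Verified Signer column of a saved Process Explorer listing.

Added example, not code from the thread or from Sysinternals. It assumes the
tab-delimited text that Process Explorer writes via File > Save As, with one
header row and the column order in HEADER. SAMPLE_PROCEXP_TXT is constructed
for this example; names, PIDs and sizes are illustrative.
"""
import csv
import io
from dataclasses import dataclass
from typing import List

# Column order produced once View > Select Columns > Verified Signer is enabled
# (assumed for this example).
HEADER = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
          "Description", "Company Name", "Verified Signer"]

# Pseudo-processes with no image file on disk, so there is nothing to verify.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts"}

# Constructed sample input modelled on the format of a Procexp.txt listing.
SAMPLE_PROCEXP_TXT = "\t".join(HEADER) + "\n" + "\n".join([
    "System Idle Process\t87.35\t0 K\t24 K\t0\t\t\t",
    "MsMpEng.exe\t8.84\t118,620 K\t118,548 K\t968\tAntimalware Service Executable\tMicrosoft Corporation\t(Verified) Microsoft Corporation",
    "svchost.exe\t0.45\t201,444 K\t208,192 K\t424\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows",
    "WebcamDell2.exe\t\t30,336 K\t8,484 K\t4880\tWebcamDell2.exe\tCreative Technology Ltd\t(No signature was present in the subject) Creative Technology Ltd",
    "updhelper.exe\t0.50\t4,000 K\t6,000 K\t5123\tUpdate Helper\t\t(Unable to verify) Example Publisher",
])


@dataclass
class ProcessEntry:
    name: str
    pid: str
    company: str
    signer: str

    @property
    def verified(self) -> bool:
        """True only when Process Explorer confirmed a valid signature chain."""
        return self.signer.startswith("(Verified)")


def parse_procexp(text: str) -> List[ProcessEntry]:
    """Parse the tab-delimited Save As output into ProcessEntry records."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    entries = []
    for row in reader:
        entries.append(ProcessEntry(
            name=(row.get("Process") or "").strip(),
            pid=(row.get("PID") or "").strip(),
            company=(row.get("Company Name") or "").strip(),
            signer=(row.get("Verified Signer") or "").strip(),
        ))
    return entries


def unverified(entries: List[ProcessEntry]) -> List[ProcessEntry]:
    """Return real processes whose image signature was not verified.

    Anything that is not "(Verified) ..." is reported: unsigned images,
    untrusted or revoked chains, and images Process Explorer could not read.
    """
    return [e for e in entries
            if e.name not in PSEUDO_PROCESSES and not e.verified]


def report(text: str) -> List[str]:
    """One line per unverified process, ready to paste into a reply."""
    lines = []
    for e in unverified(parse_procexp(text)):
        company = f" company={e.company}" if e.company else ""
        lines.append(f"{e.name} (PID {e.pid}): "
                     f"{e.signer or 'no signer column'}{company}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_PROCEXP_TXT):
        print(line)
```

Run it against a real Procexp.txt by reading the file into `report()`. An unverified entry is not proof of malware (OEM utilities are often shipped unsigned, as the Creative webcam helper in the constructed sample shows), but it is the short list worth looking up by path, publisher and hash before deciding anything.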

#3
shelovestomuse

    Member

  • Topic Starter
  • Member
  • 121 posts

Howdy! I ran the sfc /scannow, and it came back with "Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log..."

You said to do the rest only if it came back as not being able to repair everything.

Does this mean I'm done already?  :cool:

Or should I perform some of the other steps?


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

No, not done.  Continue from the line:

1. Please download the Event Viewer Tool by Vino Rosso

  • 0

#5
shelovestomuse

    Member

  • Topic Starter
  • Member
  • 121 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/11/2015 6:29:12 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/11/2015 4:26:33 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 16/11/2015 4:26:30 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/11/2015 4:24:59 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 16/11/2015 4:24:59 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/11/2015 6:29:47 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/11/2015 4:25:32 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 87.35 0 K 24 K 0
MsMpEng.exe 8.84 118,620 K 118,548 K 968 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 0.99 75,064 K 70,468 K 4496 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.45 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 0.45 201,444 K 208,192 K 424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 0.40 192 K 2,732 K 4
dwm.exe 0.33 36,012 K 26,408 K 3980 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.29 3,184 K 35,960 K 652 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.23 44,760 K 45,244 K 2416 Google Chrome Google Inc. (Verified) Google Inc
spoolsv.exe 0.18 10,684 K 19,428 K 1672 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
ApMsgFwd.exe 0.08 2,640 K 5,968 K 3004 ApMsgFwd Alps Electric Co., Ltd. (Verified) Alps Electric Co.
chrome.exe 0.07 112,928 K 155,944 K 4640 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.06 67,560 K 107,080 K 2956 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.06 61,388 K 80,864 K 4396 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.05 39,984 K 57,868 K 1072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.02 21,600 K 16,096 K 4416 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 8,664 K 14,560 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WavesSvc64.exe 0.01 1,044 K 2,544 K 4116 Waves MaxxAudio Service Application Waves Audio Ltd. (Verified) Waves Inc
chrome.exe 0.01 87,408 K 106,944 K 6508 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.01 27,148 K 26,076 K 676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.01 85,972 K 102,556 K 4008 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 58,404 K 90,304 K 5276 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.01 17,336 K 25,388 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 181,344 K 497,588 K 2944 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.01 5,804 K 11,560 K 832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 41,064 K 55,960 K 6720 Google Chrome Google Inc. (Verified) Google Inc
iPodService.exe 0.01 2,852 K 7,400 K 3664 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
Apoint.exe < 0.01 3,748 K 10,936 K 4540 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Alps Electric Co.
EvtEng.exe < 0.01 7,056 K 14,780 K 1272 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
chrome.exe < 0.01 142,892 K 163,528 K 2960 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 64,156 K 88,464 K 3316 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 117,888 K 102,392 K 4292 Google Chrome Google Inc. (Verified) Google Inc
taskhost.exe < 0.01 8,168 K 12,256 K 3772 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 54,688 K 77,896 K 6948 Google Chrome Google Inc. (Verified) Google Inc
iFrmewrk.exe < 0.01 6,468 K 17,848 K 3412 Intel® PROSet/Wireless Framework Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe < 0.01 29,712 K 24,356 K 4124 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
AppleMobileDeviceService.exe < 0.01 3,952 K 11,828 K 1824 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 17,688 K 17,728 K 1344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,548 K 16,916 K 5816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe < 0.01 7,304 K 16,724 K 1508 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 51,528 K 71,076 K 2652 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 44,908 K 56,340 K 1316 Google Chrome Google Inc. (Verified) Google Inc
ZeroConfigService.exe < 0.01 7,900 K 18,336 K 2432 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
officeclicktorun.exe < 0.01 23,664 K 33,180 K 1892 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
dllhost.exe < 0.01 4,788 K 11,976 K 3120 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,640 K 5,548 K 564 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 5,392 K 15,484 K 4612 iTunesHelper Apple Inc. (Verified) Apple Inc.
PrivacyIconClient.exe < 0.01 51,708 K 18,300 K 4456 Intel® Management and Security Status Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
o2flash.exe < 0.01 984 K 3,600 K 6060 O2 Flash Memory Service BayHubTech/O2Micro International (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe < 0.01 1,236 K 4,020 K 1804 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
RAVBg64.exe < 0.01 15,416 K 12,812 K 1304 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
svchost.exe < 0.01 1,852 K 4,900 K 3268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe < 0.01 15,220 K 12,704 K 3724 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
jhi_service.exe < 0.01 1,428 K 4,572 K 6040 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Intel® Management Engine Firmware
RtkAudioService64.exe < 0.01 2,180 K 5,448 K 1280 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
msdtc.exe < 0.01 3,736 K 8,284 K 3428 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe < 0.01 17,164 K 14,564 K 4000 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
wmpnetwk.exe 10,460 K 11,172 K 5372 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5,824 K 12,536 K 3028 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 8,552 K 16,248 K 3060 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,652 K 8,152 K 1020 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,676 K 4,620 K 628 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WebcamDell2.exe 30,336 K 8,484 K 4880 WebcamDell2.exe Creative Technology Ltd (No signature was present in the subject) Creative Technology Ltd
unsecapp.exe 2,148 K 6,392 K 4360 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 2,192 K 5,800 K 2860 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 9,500 K 14,008 K 4780 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,676 K 6,988 K 3824 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 15,216 K 17,064 K 1720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,804 K 11,276 K 908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,252 K 8,188 K 2352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,980 K 11,440 K 1960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 576 K 1,200 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
sidebar.exe 2,296 K 6,360 K 6340 Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
SftService.exe 3,912 K 7,244 K 4832 SoftThinks Agent Service SoftThinks SAS (Verified) Dell Inc.
services.exe 8,340 K 11,536 K 684 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 4,164 K 13,812 K 2560 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RegSrvc.exe 2,816 K 8,144 K 2316 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation-Mobile Wireless Group
procexp.exe 2,308 K 7,528 K 1476 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
printfilterpipelinesvc.exe 6,632 K 12,920 K 2740 Print Filter Pipeline Host Microsoft Corporation (Verified) Microsoft Windows
obexsrv.exe 3,232 K 7,476 K 3012 Bluetooth OBEX Service Motorola Solutions, Inc. (Verified) Motorola Solutions Inc.
notepad.exe 1,436 K 6,240 K 6076 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 1,432 K 6,160 K 368 Notepad Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe 15,892 K 11,972 K 3208 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
msseces.exe 6,276 K 14,684 K 4604 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
mediasrv.exe 4,612 K 8,728 K 5352 Bluetooth Media Service Motorola Solutions, Inc. (Verified) Motorola Solutions Inc.
mDNSResponder.exe 2,500 K 6,008 K 1852 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 2,928 K 4,704 K 716 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 5,672 K 13,352 K 708 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 7,292 K 16,076 K 2288 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
iusb3mon.exe 2,132 K 5,736 K 4868 iusb3mon Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
itype.exe 8,076 K 456 K 3932 IType.exe Microsoft Corporation (Verified) Microsoft Corporation
IPROSetMonitor.exe 2,328 K 6,652 K 2236 Intel® PROSet Monitoring Service Intel Corporation (Verified) Intel Corporation
ipoint.exe 5,540 K 2,656 K 4068 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
igfxtray.exe 3,124 K 7,568 K 4548 igfxTray Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
igfxsrvc.exe 3,584 K 7,988 K 4624 igfxsrvc Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
igfxpers.exe 3,284 K 9,376 K 4580 persistence Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
IAStorIcon.exe 22,156 K 29,136 K 7052 IAStorIcon Intel Corporation (Verified) Intel Corporation - Intel® Rapid Storage Technology
IAStorDataMgrSvc.exe 34,208 K 43,472 K 2748 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Intel® Rapid Storage Technology
hkcmd.exe 2,836 K 7,332 K 4572 hkcmd Module Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
hidfind.exe 1,928 K 4,852 K 2984 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Alps Electric Co.
HeciServer.exe 1,960 K 5,748 K 2208 Intel® Capability Licensing Service Interface Intel® Corporation (No signature was present in the subject) Intel® Corporation
GWX.exe 3,636 K 924 K 5952 GWX Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,456 K 6,364 K 4460 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,384 K 6,800 K 1932 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
devmonsrv.exe 3,780 K 7,828 K 6136 Bluetooth Device Monitor Motorola Solutions, Inc. (Verified) Motorola Solutions Inc.
conhost.exe 1,076 K 2,884 K 1516 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,728 K 4,916 K 588 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 2,088 K 5,836 K 3392 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
cmd.exe 2,272 K 3,060 K 804 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 57,528 K 76,964 K 6848 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 65,032 K 98,296 K 2296 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 41,248 K 51,976 K 3640 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 40,840 K 51,440 K 1952 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 44,044 K 56,548 K 5972 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 57,200 K 70,976 K 4892 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,724 K 23,944 K 5452 Google Chrome Google Inc. (Verified) Google Inc
btplayerctrl.exe 2,440 K 6,260 K 5968 Bluetooth Media Player Controller Motorola Solutions, Inc. (Verified) Motorola Solutions Inc.
BleServicesCtrl.exe 3,064 K 7,696 K 3500 Bluetooth LE Services Control Program Intel Corporation (Verified) Intel Corporation-Mobile Wireless Group
audiodg.exe 19,372 K 20,672 K 2332 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
ApntEx.exe 2,488 K 5,636 K 2992 Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. (Verified) Alps Electric Co.
anymeeting.exe 34,804 K 45,328 K 1568 (Certificate expired)
anymeeting.exe 17,072 K 31,940 K 4748 (Certificate expired)
 
 
 

 

#6
RKinner
    Malware Expert
  • Expert
  • 20,001 posts
  • MVP
Process Explorer shows Microsoft Security Essentials using a bit more than usual but otherwise it looks OK. It may have been updating or something when you made the log. Try another log and let's see if it stays high.

Your Anymeeting software seems to have an expired certificate. You should probably uninstall it and, if you use it, download a fresh copy and install it.

Your PC is running a tad hotter than I like but not yet in the danger zone. Make sure you always run it on a hard surface so the air vents are not blocked.

Your hard drive has seen better days. It is still showing status good but I would watch these values:

 

Attribute name     Real value  Current  Worst  Threshold  Raw Value   Status
Read Error Rate    0           118      99     6          000BC52658  Good
...
Seek Error Rate    0           78       60     30         000499EB02  Good

If they keep climbing you probably should clone the drive and replace it. These errors can also slow things down.

Let's get SpeedFan:

Download, save and install it (Win 7 or Vista: right click and Run As Admin), then run it (again, on Win 7 or Vista, right click and Run As Admin).

It will tell you your temps in real time. (If you click on Configure, then on Core, you can check Show in Tray, then OK, and even when minimized it will show the Core temp in the system tray (near the clock). If you don't see it then Windows is hiding it. Click on the up arrow to the left of the icons near the clock and Customize. Find SpeedFan and change it to Show Icons and Notifications.) Leave it up and run something like a video or a scan or maybe sfc /scannow again and see if the temps climb into the 70s or higher.

SpeedFan also has a neat hard drive quality section. Click on S.M.A.R.T., use the dropdown arrow to select the drive and it will show you the stats on the drive and also analyse it for you.

Does it still seem sluggish?

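The check the reply above applies by eye to the Process Explorer listing (walking the Verified Signer column and stopping on anything that is not "(Verified)"), as an added example for this thread; it is not Process Explorer's own code nor the expert's. It assumes the listing was saved with Process Explorer's File > Save, which writes the columns tab-separated, and that Options > Verify Image Signatures was switched on when it was taken (otherwise the signer column is empty). The rows below are constructed from values in the listing earlier in this thread; the tabs are assumed, since the forum page collapsed them to spaces.

```python
"""Triage a saved Process Explorer listing: list images whose Authenticode
signature did not verify, and total working set per image name.
Added example for this thread, not Process Explorer's own code."""
from collections import defaultdict
import re

# Constructed sample in the tab-separated layout Process Explorer's File > Save
# writes for the columns used in the thread. Values reuse rows from the listing
# above; the tabs are assumed (the forum page collapsed them).
SAMPLE_LISTING = "\n".join([
    "Process\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "chrome.exe\t57,528 K\t76,964 K\t6848\tGoogle Chrome\tGoogle Inc.\t(Verified) Google Inc",
    "chrome.exe\t65,032 K\t98,296 K\t2296\tGoogle Chrome\tGoogle Inc.\t(Verified) Google Inc",
    "chrome.exe\t41,248 K\t51,976 K\t3640\tGoogle Chrome\tGoogle Inc.\t(Verified) Google Inc",
    "msseces.exe\t6,276 K\t14,684 K\t4604\tMicrosoft Security Client User Interface"
    "\tMicrosoft Corporation\t(Verified) Microsoft Corporation",
    "HeciServer.exe\t1,960 K\t5,748 K\t2208\tIntel® Capability Licensing Service Interface"
    "\tIntel® Corporation\t(No signature was present in the subject) Intel® Corporation",
    "anymeeting.exe\t34,804 K\t45,328 K\t1568\t\t\t(Certificate expired)",
    "anymeeting.exe\t17,072 K\t31,940 K\t4748\t\t\t(Certificate expired)",
])

COLUMNS = ("process", "private_bytes", "working_set", "pid",
           "description", "company", "signer")
SIZE_RE = re.compile(r"^\s*([\d,]+)\s*K\s*$")


def parse_size_kb(field):
    """'76,964 K' -> 76964; an empty or unparseable field counts as 0."""
    m = SIZE_RE.match(field)
    return int(m.group(1).replace(",", "")) if m else 0


def parse_listing(text):
    """One dict per process row; the first non-blank line is the column header."""
    rows = []
    lines = [ln for ln in text.splitlines() if ln.strip()]
    for line in lines[1:]:
        fields = line.split("\t")
        fields += [""] * (len(COLUMNS) - len(fields))   # pad rows with trailing empties
        row = dict(zip(COLUMNS, fields))
        row["private_kb"] = parse_size_kb(row["private_bytes"])
        row["working_set_kb"] = parse_size_kb(row["working_set"])
        row["pid"] = int(row["pid"]) if row["pid"].strip().isdigit() else None
        rows.append(row)
    return rows


def unverified(rows):
    """Rows whose signer field does not start with '(Verified)': unsigned images,
    expired or untrusted certificates, or files Process Explorer could not check."""
    return [r for r in rows if not r["signer"].strip().startswith("(Verified)")]


def working_set_by_image(rows):
    """Total working set in KB per image name (case-insensitive)."""
    totals = defaultdict(int)
    for r in rows:
        totals[r["process"].lower()] += r["working_set_kb"]
    return dict(totals)


if __name__ == "__main__":
    rows = parse_listing(SAMPLE_LISTING)
    print("Images without a verified signature:")
    for r in unverified(rows):
        print(f"  {r['process']:<18} pid {str(r['pid']):<6} {r['signer']}")
    print("Working set by image:")
    for image, kb in sorted(working_set_by_image(rows).items(), key=lambda kv: -kv[1]):
        print(f"  {image:<18} {kb:>10,} K")
```

Two caveats when reading the output: "(Verified)" only says the Authenticode chain validated up to a trusted root, not that the program is benign, so a signed binary from a publisher you do not recognise still deserves a look; and a signature stays valid after its certificate expires only if it was countersigned with a trusted timestamp, which is the usual reason an installed program ends up showing "(Certificate expired)" the way anymeeting.exe does here.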

#7
shelovestomuse
    Member
  • Topic Starter
  • Member
  • 121 posts
Ok, there is something you've said that is causing me great concern, namely that the hard drive has seen better days.

I bought this laptop in Spring of '14. That summer, the hard drive failed, and they sent me a free replacement. Do you think this is a hard drive issue? Because I will call them and unleash the Mominator if it is. I haven't even finished paying the darn computer off yet!



#8
RKinner
    Malware Expert
  • Expert
  • 20,001 posts
  • MVP
I don't know whether that is the cause of your slowness but it certainly doesn't help. Any time there is an error, the CPU has to wait for a second attempt to get it right.

There is a program from your drive maker, Seagate, called SeaTools for Windows, that will test your hard drive.

http://www.seagate.c...ols-win-master/

If you run the Extended Test and it says the drive is bad then you have a better chance of getting a replacement.


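The Read Error Rate and Seek Error Rate figures quoted in reply #6, and the "is it failing" decision the SeaTools test above is meant to settle, both come from the drive's SMART attribute and threshold pages. On Windows those two 512-byte pages are the VendorSpecific member of the MSStorageDriver_FailurePredictData and MSStorageDriver_FailurePredictThresholds classes in the root\wmi namespace. The decoder below is an added example for this thread (not code from Speccy, SpeedFan, SeaTools or the posters) and works on constructed pages so it runs anywhere: attributes 1 and 7 carry the Current/Worst/Threshold/Raw values quoted above, attribute 5 is made up to show what a failing record looks like, the page revision value is assumed, and the Seagate raw-value split in seagate_split_raw is an assumption about that vendor's encoding, not something the thread states.

```python
"""Decode the ATA SMART attribute and threshold pages (512 bytes each) and flag
attributes whose normalized value has reached the vendor threshold.
Added example for this thread; not code from SpeedFan, Speccy or the original posts."""
import struct

ENTRY_SIZE = 12          # one attribute record
ENTRY_COUNT = 30         # records per page, after a 2-byte header
PAGE_SIZE = 512
NAMES = {
    1: "Read Error Rate", 5: "Reallocated Sectors Count", 7: "Seek Error Rate",
    10: "Spin Retry Count", 187: "Reported Uncorrectable Errors",
    197: "Current Pending Sector Count", 198: "Offline Uncorrectable",
}

# Constructed sample. Attributes 1 and 7 carry the values quoted in this thread;
# attribute 5 is made up so that one record is at its threshold.
SAMPLE_ATTRIBUTES = [          # (id, flags, current, worst, raw)
    (1, 0x000F, 118, 99, 0x000BC52658),
    (5, 0x0033, 36, 36, 0),
    (7, 0x000F, 78, 60, 0x000499EB02),
]
SAMPLE_THRESHOLDS = [(1, 6), (5, 36), (7, 30)]   # (id, threshold)


def build_data_page(entries):
    """Attribute page: 2-byte revision, then 12-byte records of
    id, flags (LE16), current, worst, raw (LE48), reserved."""
    page = bytearray(PAGE_SIZE)
    page[0:2] = struct.pack("<H", 0x0010)      # assumed revision value
    for i, (attr_id, flags, current, worst, raw) in enumerate(entries):
        off = 2 + i * ENTRY_SIZE
        page[off:off + ENTRY_SIZE] = struct.pack(
            "<BHBB6sB", attr_id, flags, current, worst, raw.to_bytes(6, "little"), 0)
    return bytes(page)


def build_threshold_page(entries):
    """Threshold page: 2-byte revision, then 12-byte records of id, threshold, 10 reserved."""
    page = bytearray(PAGE_SIZE)
    page[0:2] = struct.pack("<H", 0x0010)      # assumed revision value
    for i, (attr_id, threshold) in enumerate(entries):
        off = 2 + i * ENTRY_SIZE
        page[off:off + ENTRY_SIZE] = struct.pack("<BB10s", attr_id, threshold, bytes(10))
    return bytes(page)


DATA_PAGE = build_data_page(SAMPLE_ATTRIBUTES)
THRESHOLD_PAGE = build_threshold_page(SAMPLE_THRESHOLDS)


def parse_thresholds(page):
    thresholds = {}
    for off in range(2, 2 + ENTRY_COUNT * ENTRY_SIZE, ENTRY_SIZE):
        attr_id, value = page[off], page[off + 1]
        if attr_id:                     # id 0 marks an unused slot
            thresholds[attr_id] = value
    return thresholds


def parse_attributes(data_page, threshold_page):
    """Return one dict per populated attribute, joined with its threshold."""
    thresholds = parse_thresholds(threshold_page)
    attrs = []
    for off in range(2, 2 + ENTRY_COUNT * ENTRY_SIZE, ENTRY_SIZE):
        attr_id, flags, current, worst, raw, _ = struct.unpack_from("<BHBB6sB", data_page, off)
        if attr_id == 0:
            continue
        threshold = thresholds.get(attr_id, 0)
        attrs.append({
            "id": attr_id,
            "name": NAMES.get(attr_id, f"Attribute {attr_id}"),
            "prefail": bool(flags & 0x0001),   # flag bit 0: pre-failure attribute
            "current": current,
            "worst": worst,
            "threshold": threshold,
            "margin": current - threshold,     # how far Current still sits above Threshold
            "raw": int.from_bytes(raw, "little"),
        })
    return attrs


def failing(attrs):
    """SMART's own rule: Current at or below Threshold means the attribute is failing
    now (Worst at or below Threshold means it failed at some point in the past)."""
    return [a for a in attrs if a["threshold"] and a["current"] <= a["threshold"]]


def seagate_split_raw(raw):
    """Assumption for Seagate attributes 1 and 7: the 48-bit raw value packs an error
    count in the high 16 bits over an operation count in the low 32 bits, so a large
    raw number on its own is not an error count."""
    return raw >> 32, raw & 0xFFFFFFFF


if __name__ == "__main__":
    attrs = parse_attributes(DATA_PAGE, THRESHOLD_PAGE)
    for a in attrs:
        line = (f"{a['id']:>3} {a['name']:<28} cur {a['current']:>3} worst {a['worst']:>3} "
                f"thr {a['threshold']:>3} margin {a['margin']:>4} raw {a['raw']:#012x}")
        if a["id"] in (1, 7):
            errors, ops = seagate_split_raw(a["raw"])
            line += f" (errors {errors}, operations {ops})"
        print(line)
    for a in failing(attrs):
        print(f"FAILING: {a['name']}")
```

The number worth trending over repeated snapshots is the margin, Current minus Threshold: for the two attributes quoted in the thread it is 112 and 48 respectively, and a drive is only reported as failing once it reaches zero. The raw column is vendor-specific, which is why the Seagate split is labelled an assumption; if the high 16 bits of those raw values are zero, the raw figure has recorded operations rather than errors.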

#9
shelovestomuse
    Member
  • Topic Starter
  • Member
  • 121 posts
I am going to do that today, then. I'll come back with the results.

I appreciate you.



#10
RKinner
    Malware Expert
  • Expert
  • 20,001 posts
  • MVP
It will probably take several hours to run. Had a sick drive once that ran for almost a whole day and night.
Sometimes at the end it will ask you if you want it to try to fix the problem. Tell it yes.





