
Sudden extreme slowdown on my laptop [Solved]


  • This topic is locked

#31
67mopar

    Member

  • Topic Starter
  • 199 posts

Win32/Bundled.toolbar.Google.D: 3 entries

a variant of MSIL/RegProCleaner.A: 1 entry

Also a different virus removed from AVG: trojanhorse.msil9.afqi. Still at 45%; if this doesn't complete by morning I will quit. Hard to say how or what is bogging this down, but mostly internet and programs are slow; it was instant until a few days ago, almost like the RAM itself has been removed or blocked. Thanks again for your patience and attention, Bruce.


  • 0



#32
67mopar

    Member

  • Topic Starter
  • 199 posts

the link for sinister processes is a bad link, advise


  • 0

#33
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Hi 67mopar

Try this link http://filehippo.com...ocess_explorer/

 

Click the green download button.


  • 0

#34
67mopar

    Member

  • Topic Starter
  • 199 posts

C:\$Recycle.Bin\S-1-5-21-3339490808-3639073983-2094825787-1002\$RYMWD25.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\dean\AppData\Local\PCTuner\PCTuner.exe    a variant of MSIL/RegProCleaner.A potentially unwanted application
C:\Users\dean\Downloads\ccsetup504(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\dean\Downloads\ccsetup504.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
 


  • 0

#35
67mopar

    Member

  • Topic Starter
  • 199 posts

I downloaded your link, it's Process Explorer. I don't know how to get it copied for you to see, advise


  • 0

#36
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Sorry for the delay.

Run Process explorer.
  • Click on View > Select Column > tick Verified Signer > OK
  • Click Options > Verify Image Signatures

Then Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save to desktop. Open the file .txt on your desktop and copy and paste the text to a reply.

  • 0

#37
67mopar

    Member

  • Topic Starter
  • 199 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    96.31    0 K    24 K    0            
procexp64.exe    1.54    52,040 K    61,196 K    7240    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    0.57    0 K    0 K    n/a    Hardware Interrupts and DPCs        
firefox.exe    0.46    320,592 K    348,496 K    5468    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe    0.35    27,196 K    36,948 K    4448    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.30    3,312 K    27,224 K    7244            
System    0.21    664 K    34,876 K    4            
DBRCrawler.exe    0.07    29,784 K    26,576 K    3548            
Toaster.exe    0.06    73,304 K    74,244 K    6548            
TeamViewer_Service.exe    0.02    9,544 K    20,612 K    3196    TeamViewer 10    TeamViewer GmbH    (Verified) TeamViewer
explorer.exe    0.02    80,660 K    175,200 K    4404    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    195,380 K    215,264 K    1376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
EvtEng.exe    0.01    10,144 K    22,956 K    2648    Intel® PROSet/Wireless Event Log Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
avgwdsvc.exe    0.01    13,280 K    24,680 K    2316    AVG Watchdog Service    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
CCleaner64.exe    0.01    14,380 K    11,660 K    3312            
SASCore64.exe    < 0.01    5,944 K    8,632 K    2184            
PDFProFiltSrv.exe    < 0.01    1,568 K    4,004 K    3092    PDFPROFILTSRV.EXE    Nuance Communications, Inc.    (Verified) Nuance Communications
svchost.exe    < 0.01    14,980 K    23,624 K    1416    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    38,868 K    26,156 K    1332    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
cvpnd.exe    < 0.01    2,860 K    8,104 K    2504    Cisco Systems VPN Client    Cisco Systems, Inc.    (Verified) Cisco Systems
AppleMobileDeviceService.exe    < 0.01    4,504 K    53,024 K    2244    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
svchost.exe    < 0.01    19,560 K    20,444 K    1924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe    < 0.01    7,708 K    30,724 K    1324            
taskhost.exe    < 0.01    9,100 K    13,624 K    1948    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    52,044 K    73,316 K    1460    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
TeamViewer.exe    < 0.01    27,120 K    53,628 K    7536    TeamViewer 10    TeamViewer GmbH    (Verified) TeamViewer
wmpnetwk.exe    < 0.01    8,604 K    37,640 K    5136    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
ZeroConfigService.exe    < 0.01    9,012 K    21,236 K    3260    Intel® PROSet/Wireless Zero Configure Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
SearchProtocolHost.exe    < 0.01    2,976 K    8,712 K    6592            
tv_w32.exe    < 0.01    1,556 K    4,988 K    8040            
svchost.exe    < 0.01    7,292 K    12,336 K    2692    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
tv_x64.exe    < 0.01    2,364 K    5,780 K    4564            
RAVBg64.exe    < 0.01    29,944 K    25,092 K    7272    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
iFrmewrk.exe    < 0.01    14,240 K    30,460 K    4180    Intel® PROSet/Wireless Framework    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
csrss.exe    < 0.01    3,460 K    5,504 K    1012            
avgui.exe    < 0.01    8,200 K    7,288 K    5264    AVG User Interface    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
WmiPrvSE.exe        8,556 K    12,388 K    3588            
WmiPrvSE.exe        6,336 K    12,568 K    3572            
winlogon.exe        3,452 K    7,804 K    7796            
wininit.exe        1,724 K    4,388 K    664            
unsecapp.exe        2,264 K    5,896 K    3496            
unsecapp.exe        2,468 K    6,936 K    6460    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        16,216 K    22,512 K    3728    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe        6,880 K    13,844 K    1636            
taskeng.exe        2,376 K    6,288 K    572    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        1,956 K    5,380 K    3792            
svchost.exe        9,712 K    13,388 K    1252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,332 K    12,648 K    1176    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        21,436 K    23,712 K    1336    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        14,944 K    15,936 K    2092    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,224 K    6,976 K    1580    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,272 K    5,256 K    4020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,552 K    10,548 K    2580    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sppsvc.exe        2,764 K    8,840 K    5796    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        9,476 K    13,632 K    1616    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        580 K    1,132 K    344            
sidebar.exe        2,344 K    7,440 K    6768            
SftService.exe        4,708 K    9,412 K    6900    SoftThinks Agent Service    SoftThinks SAS    (Verified) Dell Inc
services.exe        8,236 K    11,032 K    908            
SearchFilterHost.exe        3,204 K    7,208 K    6540            
SDWinSec.exe        13,428 K    18,476 K    3328    Spybot-S&D Security Center integration    Safer Networking Ltd.    (Verified) Safer Networking Ltd.
SboxSvc.exe        2,260 K    4,596 K    1716    Invincea Sandbox Service    Invincea, Inc.    (Verified) Invincea
rundll32.exe        4,348 K    23,928 K    6320    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        15,504 K    18,612 K    4824    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe        2,376 K    5,380 K    1836    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RegSrvc.exe        3,248 K    8,644 K    3132    Intel® PROSet/Wireless Registry Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe        17,540 K    15,516 K    4208    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RAVBg64.exe        15,660 K    16,036 K    6672            
procexp.exe        2,696 K    6,756 K    5084    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
obexsrv.exe        3,720 K    7,592 K    5388    Bluetooth OBEX Service    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
o2flash.exe        2,244 K    4,980 K    6848    O2 Flash Memory Service    O2Micro International    (Verified) O2Micro Inc.
mediasrv.exe        5,168 K    8,992 K    5628    Bluetooth Media Service    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
mDNSResponder.exe        2,996 K    6,444 K    2356    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
lsm.exe        3,096 K    4,732 K    1080            
lsass.exe        5,840 K    13,056 K    1072    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
LMS.exe        9,708 K    16,888 K    6628    Intel® Local Management Service    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
jusched.exe        8,472 K    15,300 K    4940    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
jhi_service.exe        1,916 K    5,068 K    6584    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation - Intel® Management Engine Firmware
iusb3mon.exe        2,616 K    6,368 K    7648    iusb3mon    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
igfxtray.exe        3,360 K    16,500 K    5604    igfxTray Module    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
igfxsrvc.exe        4,324 K    8,648 K    6924    igfxsrvc Module    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
igfxpers.exe        3,780 K    9,768 K    4744    persistence Module    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
IAStorIcon.exe        21,820 K    26,536 K    4740    IAStorIcon    Intel Corporation    (Verified) Intel Corporation - Intel® Rapid Storage Technology
IAStorDataMgrSvc.exe        59,476 K    65,884 K    6480    IAStorDataSvc    Intel Corporation    (Verified) Intel Corporation - Intel® Rapid Storage Technology
hkcmd.exe        3,132 K    7,576 K    4256    hkcmd Module    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
HeciServer.exe        2,024 K    5,532 K    2772    Intel® Capability Licensing Service Interface    Intel® Corporation    (No signature was present in the subject) Intel® Corporation
GWX.exe        4,548 K    5,832 K    4304    GWX    Microsoft Corporation    (Verified) Microsoft Windows
devmonsrv.exe        4,112 K    8,236 K    5236    Bluetooth Device Monitor    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
ctfmon.exe        2,508 K    5,104 K    7576    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        1,084 K    2,712 K    1528            
conhost.exe        4,052 K    6,424 K    4620            
btplayerctrl.exe        2,980 K    6,948 K    7304    Bluetooth Media Player Controller    Motorola Solutions, Inc.    (Verified) Motorola Solutions Inc.
BleServicesCtrl.exe        3,460 K    13,424 K    2300    Bluetooth LE Services Control Program    Intel Corporation    (Verified) Intel Corporation-Mobile Wireless Group
audiodg.exe        20,184 K    20,248 K    2532            
armsvc.exe        1,212 K    3,856 K    2220    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
 


  • 0
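
As an added illustration (not part of the thread, and not a Geeks to Go or Sysinternals tool), this Python script triages a saved Process Explorer export like the one in post #37. It separates rows with a verified signer from rows explicitly reported as unsigned and rows whose Verified Signer cell is blank. It assumes the saved file is tab-delimited; the function names and the `NO_IMAGE` list are hypothetical.

```python
import csv
import io

# Rows copied from the export in post #37; columns are re-separated with tabs
# here (assumption: the .txt saved by Process Explorer is tab-delimited).
SAMPLE = (
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer\n"
    "System Idle Process\t96.31\t0 K\t24 K\t0\t\t\t\n"
    "firefox.exe\t0.46\t320,592 K\t348,496 K\t5468\tFirefox\tMozilla Corporation\t(Verified) Mozilla Corporation\n"
    "DBRCrawler.exe\t0.07\t29,784 K\t26,576 K\t3548\t\t\t\n"
    "Toaster.exe\t0.06\t73,304 K\t74,244 K\t6548\t\t\t\n"
    "SASCore64.exe\t< 0.01\t5,944 K\t8,632 K\t2184\t\t\t\n"
    "WmiPrvSE.exe\t\t8,556 K\t12,388 K\t3588\t\t\t\n"
    "HeciServer.exe\t\t2,024 K\t5,532 K\t2772\tIntel® Capability Licensing Service Interface\tIntel® Corporation\t(No signature was present in the subject) Intel® Corporation\n"
    "svchost.exe\t\t9,712 K\t13,388 K\t1252\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows\n"
)

# Entries that are not ordinary executables on disk (hypothetical skip list).
NO_IMAGE = {"System Idle Process", "System", "Interrupts"}

def parse_cpu(text):
    """'1.54' -> 1.54, '< 0.01' -> 0.01 (upper bound), '' -> 0.0."""
    text = text.replace("<", "").strip()
    return float(text) if text else 0.0

def signer_state(signer):
    """Classify a Verified Signer cell as verified / unsigned / unknown."""
    signer = signer.strip()
    if signer.startswith("(Verified)"):
        return "verified"
    if signer.startswith("("):
        return "unsigned"  # e.g. "(No signature was present in the subject)"
    return "unknown"       # blank cell: the export records no verdict at all

def triage(export_text):
    """Return non-verified rows as (state, process, pid, cpu), busiest first."""
    rows = csv.DictReader(io.StringIO(export_text), delimiter="\t",
                          quoting=csv.QUOTE_NONE)
    flagged = []
    for row in rows:
        state = signer_state(row["Verified Signer"] or "")
        if row["Process"] in NO_IMAGE or state == "verified":
            continue
        flagged.append((state, row["Process"], row["PID"],
                        parse_cpu(row["CPU"] or "")))
    # Explicitly unsigned rows first, then by CPU usage, highest first.
    flagged.sort(key=lambda r: (r[0] != "unsigned", -r[3]))
    return flagged

if __name__ == "__main__":
    for state, name, pid, cpu in triage(SAMPLE):
        print(f"{state:9} {name:20} pid={pid:>5} cpu={cpu:.2f}")
```

A blank cell is reported as "unknown" rather than "unsigned" because the export carries no signature verdict for that row, so it is a prompt to re-check that process, not a finding.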

#38
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi 67mopar

We'll remove the items that ESET found.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

C:\$Recycle.Bin\S-1-5-21-3339490808-3639073983-2094825787-1002\$RYMWD25.exe
C:\Users\dean\AppData\Local\PCTuner
C:\Users\dean\Downloads\ccsetup504(1).exe
C:\Users\dean\Downloads\ccsetup504.exe
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

I'm not seeing anything out of the ordinary from process explorer. Let's try a clean boot and see how the system performs.

Step2 - Windows clean boot.

Please put your operating system into a clean boot state

To do this follow the steps in this guide.

Once the computer has restarted in a clean boot environment, try running a few programs and opening a browser. How does the computer respond?

  • 0

#39
67mopar

    Member

  • Topic Starter
  • 199 posts

fixlist content:
*****************
C:\$Recycle.Bin\S-1-5-21-3339490808-3639073983-2094825787-1002\$RYMWD25.exe
C:\Users\dean\AppData\Local\PCTuner
C:\Users\dean\Downloads\ccsetup504(1).exe
C:\Users\dean\Downloads\ccsetup504.exe
EmptyTemp:
*****************

C:\$Recycle.Bin\S-1-5-21-3339490808-3639073983-2094825787-1002\$RYMWD25.exe => moved successfully
C:\Users\dean\AppData\Local\PCTuner => moved successfully
C:\Users\dean\Downloads\ccsetup504(1).exe => moved successfully
C:\Users\dean\Downloads\ccsetup504.exe => moved successfully
EmptyTemp: => 46.5 MB temporary data Removed.
 


  • 0

#40
67mopar

    Member

  • Topic Starter
  • 199 posts

Running pretty good now, something was hanging it up, hope it's gone for good. Can we do another computer or is that against the rules? Also, as I said, this was a corporate computer; did you see anything I can get rid of? So many files are meaningless to me. Thank you Bruce for your time and patience. I appreciate it.


  • 0



#41
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi 67mopar
 

running pretty good now


Can you confirm if this is with or without the clean boot?

Thanks
  • 0

#42
67mopar

    Member

  • Topic Starter
  • 199 posts

clean boot


  • 0

#43
67mopar

    Member

  • Topic Starter
  • 199 posts

rebooted seems fine,  any idea what the culprit was?


  • 0

#44
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi 67mopar

Please follow the steps in this guide to ensure the clean boot state has been removed and return to normal.

Once rebooted, confirm how the PC is running and what issues if any remain?

Thanks
  • 0

#45
67mopar

    Member

  • Topic Starter
  • 199 posts

I'm not quite sure what it means, it seems like I did the same thing 2 times. Anyway it's running, rebooted and working. How do I know if I set it back correctly? Sorry.


  • 0





