
my computer is dead slow. I think it's infected. Pls. help

malware infection


#46
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hi Kinner,

PFB the first log, process explorer log to follow.

Also, to share: I'm travelling out of town and will be back mid next week, hence pls. bear with my slow responses in between.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Ran by Abhishek (administrator) on ABHISHEK-PC (13-05-2016 11:54:33)
Running from C:\Users\Abhishek\Desktop\lappy servicing\pass 4
Loaded Profiles: Abhishek (Available Profiles: Abhishek)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Google, Inc) C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2009-01-20] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-06-27] (SigmaTel, Inc.)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Google Photos Backup] => C:\Users\Abhishek\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [Google Update] => C:\Users\Abhishek\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-4265441916-1708264049-1492465063-1000\...\MountPoints2: {e976b236-dbbd-11e5-921f-001d09b30651} - E:\Lenovo_Suite.exe
BootExecute: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A83287A-D71F-4237-AB40-4034D9B190F6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7D4E8676-CA67-4363-B1F6-AF936D8E1A19}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{C1FE5EAB-C0E5-4346-A19F-D330AF073C78}: [DhcpNameServer] 125.99.61.254 116.72.253.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-09] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-02-17] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-14] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc;version=0.8.6f -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-4265441916-1708264049-1492465063-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Abhishek\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-26] [not signed]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-05-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-04-01] [not signed]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-05-01] [not signed]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> erailir
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll => No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll => No File
CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (PNR Status Watchlist) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\almdggoleggeecgelbjekpmefpohdjck [2015-04-19]
CHR Extension: (Google Docs) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (eRail.in) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopfgjfeiimeioiajeknfidlljpoebgc [2016-01-05]
CHR Extension: (Google Drive) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (MySmartPrice) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofbpdmkbmlancfihdncikcigpokmdda [2016-05-13]
CHR Extension: (Google Search) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (Google Docs Offline) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (PriceRaja - Online Shopping at Best Prices) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomcjhhocjpoeifolgnclcgnlmaphdda [2016-02-13]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-06-27] (SigmaTel, Inc.)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2009-01-20] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)
R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-24] (Gteko Ltd.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-04] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-09] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-19] (SingleClick Systems)
S3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-06] (Gteko Ltd.) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-27] (SigmaTel, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-24 16:32 - 2016-04-24 16:33 - 01292424 _____ (Ruiware) C:\Users\Abhishek\Downloads\wpsetup (1).exe
2016-04-18 22:09 - 2016-04-18 22:09 - 00008657 _____ C:\Users\Abhishek\Downloads\YOU broadband receipt.pdf
2016-04-18 18:26 - 2016-04-18 18:28 - 05164720 _____ (Lenovo ) C:\Users\Abhishek\Downloads\SHAREitTHIRDPART.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-13 11:54 - 2015-03-14 23:46 - 00000000 ____D C:\FRST
2016-05-13 11:42 - 2014-05-09 11:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 11:42 - 2008-09-17 23:12 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-13 11:42 - 2006-11-02 18:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-13 11:42 - 2006-11-02 18:15 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-13 11:42 - 2006-11-02 18:15 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-11 22:38 - 2014-08-11 00:19 - 00000400 _____ C:\Windows\Tasks\WpsNotifyTask_Abhishek.job
2016-05-11 22:29 - 2016-02-03 08:58 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000UA.job
2016-05-11 22:29 - 2016-02-03 08:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 22:23 - 2014-08-17 16:13 - 00000400 _____ C:\Windows\Tasks\WpsUpdateTask_Abhishek.job
2016-05-11 18:46 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\inf
2016-05-11 18:46 - 2006-11-02 16:03 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-11 18:31 - 2015-06-01 01:07 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265441916-1708264049-1492465063-1000Core.job
2016-05-08 12:17 - 2012-04-23 23:12 - 00000000 ____D C:\Users\Abhishek\AppData\Roaming\vlc
2016-05-08 12:15 - 2014-07-30 15:20 - 00000000 ____D C:\persabhi
2016-04-24 19:29 - 2007-12-28 13:46 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-04-24 19:29 - 2006-11-02 18:28 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-24 16:40 - 2015-07-03 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-04-24 16:39 - 2014-11-06 22:42 - 00000000 ____D C:\ProgramData\InstallMate
2016-04-18 18:31 - 2013-08-05 23:19 - 00000000 ____D C:\mvs
2016-04-18 18:29 - 2016-03-25 14:53 - 00000000 ____D C:\MagicPlusMini
 
==================== Files in the root of some directories =======
 
2008-08-09 15:15 - 2012-08-13 00:44 - 0000568 _____ () C:\Users\Abhishek\AppData\Roaming\wklnhst.dat
2008-04-09 10:45 - 2016-02-25 18:00 - 0006324 _____ () C:\Users\Abhishek\AppData\Local\d3d9caps.dat
2008-01-04 09:26 - 2016-01-11 21:34 - 0138240 _____ () C:\Users\Abhishek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-11 22:33 - 2008-08-11 22:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-13 11:48
 
==================== End of FRST.txt ============================



#47
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hi Kinner,

 

My machine is [bleep] slow to work on. I will be sharing the Process Explorer log by tomorrow.

Appreciate your patience with me on this.

 

Wishes,

Abhi



#48
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

No problem.



#49
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hi Kinner,

 

Here's the process explorer log (retrieved in safe mode with networking):

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 81.06 0 K 24 K 0
procexp.exe 12.12 21,280 K 29,468 K 1136 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 3.03 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 3.03 2,204 K 15,352 K 532 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.76 0 K 46,556 K 4
explorer.exe < 0.01 25,792 K 34,952 K 1932 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 2,668 K 5,400 K 612 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,188 K 12,912 K 1200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe 1,552 K 4,508 K 1164 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,140 K 5,704 K 1532 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,412 K 4,432 K 576 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,148 K 3,760 K 540 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 2,136 K 4,096 K 1144 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 12,308 K 16,708 K 1052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,708 K 5,556 K 848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,128 K 5,228 K 792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,724 K 11,740 K 1152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,452 K 5,924 K 1216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,060 K 6,532 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,256 K 10,364 K 1332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,192 K 5,148 K 1436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 288 K 760 K 444 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 94,160 K 1,01,164 K 928 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
lsm.exe 1,532 K 3,664 K 636 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 3,032 K 1,824 K 628 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,564 K 5,296 K 496 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
 
PS: Sincere thanks for your patience with me.
 
Wishes,
Abhi


#50
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hi Kinner ... my machine is now just useless ... lying as a small metal box on my table ... nothing more :(
Do you see anything in the logs?

Abhishek

#51
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Interrupts 3.03 0 K 0 K n/a Hardware Interrupts and DPCs  

 

This should be around 1.

 

Usually a bad driver but on a laptop can be caused by a bad battery.

 

Try running in Safe Mode with Networking.

 

 
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

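The figure RKinner is reading above is the CPU share of the "Interrupts" pseudo-process. The following is an added example, not code from this thread, that parses rows pasted in the flattened Process Explorer layout used here (the sample rows are copied, trimmed, from the two logs in this thread), pulls out the Interrupts value, compares it against a threshold (the 1.5 % line RKinner uses later in the thread), and lists rows whose signer is not reported as Verified; all function names are mine.

```python
import re
from typing import Dict, List, Optional

# Rows copied (trimmed) from the Process Explorer logs pasted in this thread:
# the first from normal mode, the second from Safe Mode with Networking.
NORMAL_MODE_LOG = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 81.06 0 K 24 K 0
procexp.exe 12.12 21,280 K 29,468 K 1136 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 3.03 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 3.03 2,204 K 15,352 K 532 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe < 0.01 25,792 K 34,952 K 1932 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe 1,552 K 4,508 K 1164 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
"""

SAFE_MODE_LOG = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 98.46 0 K 24 K 0
procexp.exe 1.54 16,960 K 22,888 K 1948 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
explorer.exe < 0.01 23,180 K 31,744 K 2012 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
"""

# One pasted row. The process name may contain spaces and the CPU column is
# blank for idle processes, so the name is matched lazily and CPU is optional;
# the two "<n> K" memory columns and the PID anchor the rest of the row.
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*0\.01|\d+\.\d+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<ws>[\d,]+) K\s+"
    r"(?P<pid>\d+|n/a)"
    r"(?:\s+(?P<rest>.*))?$"
)


def cpu_percent(field: Optional[str]) -> float:
    """A blank CPU column means idle; '< 0.01' is treated as 0.0."""
    if field is None or field.startswith("<"):
        return 0.0
    return float(field)


def parse_procexp(text: str) -> List[Dict]:
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Process CPU"):
            continue  # skip blanks and the header row
        m = ROW_RE.match(line)
        if not m:
            continue  # a line mangled by the forum paste; ignore it
        rest = m.group("rest") or ""
        rows.append({
            "name": m.group("name"),
            "cpu": cpu_percent(m.group("cpu")),
            "private_kb": int(m.group("private").replace(",", "")),
            "ws_kb": int(m.group("ws").replace(",", "")),
            "pid": m.group("pid"),
            "verified": "(Verified)" in rest,
            "rest": rest,
        })
    return rows


def assess(text: str, threshold: float = 1.5) -> Dict:
    """Pull out what RKinner reads: CPU spent in hardware interrupts and DPCs.

    threshold is the 1.5 % line used later in this thread. Signer checks are
    only meaningful on a normal-mode log: the thread's own safe-mode log
    reports 'No signature was present' for explorer.exe, which verifies fine
    in the normal-mode log.
    """
    rows = parse_procexp(text)
    interrupts = next((r["cpu"] for r in rows if r["name"] == "Interrupts"), None)
    return {
        "interrupts_cpu": interrupts,
        "interrupts_high": interrupts is not None and interrupts > threshold,
        # real processes (not kernel pseudo-rows) whose signer is not Verified
        "unverified": sorted(r["name"] for r in rows
                             if r["rest"] and r["pid"] != "n/a" and not r["verified"]),
        "top_cpu": sorted((r for r in rows if r["name"] != "System Idle Process"),
                          key=lambda r: r["cpu"], reverse=True)[:3],
    }


if __name__ == "__main__":
    for label, log in (("normal", NORMAL_MODE_LOG), ("safe mode", SAFE_MODE_LOG)):
        a = assess(log)
        print(label, "Interrupts =", a["interrupts_cpu"], "high =", a["interrupts_high"],
              "unverified =", a["unverified"])
```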

#52
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hi Kinner,

 

Appreciate your response.

What should I do in safe mode? Do you want me to re-run Process Explorer in safe mode with networking?

 

Also, to share: yeah, there has been an issue with my battery for the past few days. I have requested a replacement, and as of now my notebook is running directly on mains power.

 

-Abhishek



#53
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You can run another process explorer log but mainly just tell me if it runs a lot faster in Safe Mode with Networking.



#54
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hi Kinner,

Fine, I will run Process Explorer again in safe mode and share the log with you.
Yes, it runs faster in safe mode with networking, but I would not say a lot faster.

Also, good news: I have replaced the battery with a new one; hope this improves the interrupt thing this time.

Abhi

#55
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hi Kinner,

PFB the latest Process Explorer log in safe mode with networking:

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 98.46 0 K 24 K 0
procexp.exe 1.54 16,960 K 22,888 K 1948 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
csrss.exe < 0.01 1,880 K 6,744 K 532 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe < 0.01 23,180 K 31,744 K 2012 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
lsass.exe < 0.01 2,900 K 7,344 K 628 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 2,388 K 5,200 K 612 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 12,780 K 12,892 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
wmpnscfg.exe 1,520 K 4,484 K 928 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe 3,140 K 5,736 K 1492 WMI Provider Host Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 1,268 K 4,308 K 584 Windows Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wininit.exe 1,120 K 3,748 K 540 Windows Start-Up Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
unsecapp.exe 2,120 K 4,084 K 1584 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 6,124 K 10,440 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 12,396 K 16,828 K 1072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,636 K 5,460 K 840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,104 K 5,140 K 784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,252 K 6,480 K 1044 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 3,532 K 6,020 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,560 K 10,504 K 1304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,188 K 5,180 K 1404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 284 K 744 K 380 Windows Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
MsMpEng.exe 72,884 K 38,848 K 920 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
lsm.exe 1,508 K 3,676 K 636 Local Session Manager Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
csrss.exe 1,540 K 4,984 K 496 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
System < 0.01 0 K 4,244 K 4
 
-Abhi



#56
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

This is much better.  Search for msconfig and hit Enter.  That should open a new window.

Go to the Services tab, click the box to hide Microsoft services, then uncheck everything that remains.  Go to the Startup tab and uncheck everything.  OK and reboot.

Run Process Explorer and look at the Interrupts.  If they are still under 1.5 % then one of the items you unchecked is the culprit.  If not then it's likely to be the video driver (try booting into the Safe Mode Menu, Low Resolution Video option).

If one of the items you unchecked is causing it you have to find it by trial and error.  Recheck about 1/2 of the items you unchecked and reboot.  If Interrupts is still good then do 1/2 of the remaining.  If bad then uncheck about 1/2 of the items you had just checked.  Keep it up until you isolate it down to a particular item or two.  Then let me know what they are.

Going to be away from the PC today.  Back this evening.

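The halving search RKinner lays out above, written as an added example (not code from this thread) and generalized so it also finds a second culprit when there is one. The reboot-and-read-Process-Explorer step is replaced by a constructed oracle with hypothetical startup item names; the 1.5 % threshold is the one used in the post, and everything else (function names, the simulated values) is my assumption.

```python
from typing import Callable, FrozenSet, List, Optional, Sequence, Tuple

# One "reboot": given the set of items re-checked in msconfig, return the
# Interrupts % read from Process Explorer afterwards.
Oracle = Callable[[FrozenSet[str]], float]


def find_culprits(items: Sequence[str], measure: Oracle,
                  threshold: float = 1.5) -> Tuple[Optional[List[str]], int]:
    """Isolate which startup items push Interrupts over `threshold`.

    Returns (culprits, reboots). culprits is None when the baseline with
    everything unchecked is already bad, meaning the cause is not one of the
    unchecked items (the post points at the video driver in that case).
    Assumes any single culprit on its own is enough to raise Interrupts,
    which is what the trial-and-error procedure in the post relies on.
    """
    reboots = 0
    culprits: List[str] = []

    def bad(group: Sequence[str]) -> bool:
        nonlocal reboots
        reboots += 1                        # every probe costs one reboot
        return measure(frozenset(group)) > threshold

    def search(group: Sequence[str], known_bad: bool) -> None:
        if not known_bad and not bad(group):
            return                          # nothing in this group is to blame
        if len(group) == 1:
            culprits.append(group[0])       # isolated down to one item
            return
        mid = len(group) // 2
        left, right = group[:mid], group[mid:]
        if bad(left):
            search(left, True)              # left is bad; no need to re-test it
            search(right, False)            # the other half may hold a second one
        else:
            search(right, True)             # left is clean, so right must be bad

    if bad(()):                             # baseline: everything unchecked
        return None, reboots
    search(list(items), False)
    return culprits, reboots


# Constructed stand-in for the machine: hypothetical item names, two of which
# are secretly responsible. A healthy reading is well under 1.5 %.
STARTUP_ITEMS = [f"startup_item_{i:02d}" for i in range(12)]
HIDDEN_CULPRITS = {"startup_item_03", "startup_item_09"}


def simulated_interrupts(enabled: FrozenSet[str]) -> float:
    return 0.4 + 2.5 * len(enabled & HIDDEN_CULPRITS)


def demo() -> Tuple[Optional[List[str]], int]:
    return find_culprits(STARTUP_ITEMS, simulated_interrupts)


if __name__ == "__main__":
    found, cost = demo()
    print("culprits:", found, "reboots needed:", cost)
```

Re-checking the items one at a time would cost a reboot per item; the halving search above finds both hidden culprits among twelve items in ten reboots including the baseline.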

#57
abhi6512

    Member

  • Topic Starter
  • 143 posts

Hi Kinner - GM,

Hope you had a nice weekend.

Below is the Process Explorer log and I can still see Interrupts < 1.5. Just confirming whether I now need to go the trial & error way!!

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 99.23 0 K 24 K 0
procexp.exe 0.77 19,560 K 26,056 K 972 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
csrss.exe < 0.01 1,700 K 5,640 K 468 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,384 K 16,940 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe < 0.01 23,008 K 31,620 K 1844 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe < 0.01 3,244 K 5,848 K 620 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe < 0.01 73,228 K 38,748 K 860 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
services.exe < 0.01 2,236 K 5,036 K 548 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,288 K 13,144 K 1096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,536 K 4,984 K 432 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
wmpnscfg.exe 1,524 K 4,504 K 388 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,376 K 4,420 K 520 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,124 K 3,732 K 476 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 2,112 K 4,084 K 1064 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
System 0 K 46,684 K 4
svchost.exe 7,796 K 11,884 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,564 K 5,412 K 776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,128 K 5,208 K 716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,360 K 5,860 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,228 K 6,460 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,200 K 10,280 K 1244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,188 K 5,212 K 1348 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 288 K 744 K 380 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 1,512 K 3,648 K 572 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 2,896 K 7,304 K 564 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
 
-Abhi


#58
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

If this is with a bunch of stuff unchecked in msconfig and rebooted into regular mode then yes you need to go through and find out which check marks cause it to jump up.



#59
abhi6512

    Member

  • Topic Starter
  • 143 posts

OK, thanks Kinner. My aim would be to get the Interrupts to jump above 1.5 .. right!!



#60
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

BELOW 1.5

