Someone put the brakes on....

Slow slow slow slow slow


#1 MrsMaximus

Hi,

A year or so ago, I bought myself a brand new laptop and was very pleased with how quickly it worked, compared to its predecessor.

However, a couple of months ago, its performance declined in that its general operation (i.e. Excel etc.) and internet operation became much slower.

To my knowledge, I haven't downloaded anything that could have caused this and there is very little software installed from discs. However, the only cause that I can think of is something malicious running in the background, using up my resources, without my knowledge.

I got a tip from a friend who told me this is the best place to get that question answered.

I've pasted the two FRST files below as set out in the instructions and would appreciate your feedback/help:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016
Ran by Owner (administrator) on LAPTOP (19-06-2016 10:14:38)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupon Printer\CouponPrinterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsScan_6.3.9654.17133_x64__8wekyb3d8bbwe\scanapp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5694640 2013-08-16] (VIA)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1456408 2016-06-08] (BullGuard Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-06-08] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-06-08] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-06-08] (BullGuard Ltd.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-03-05]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A12F2860-7F2B-45EF-B1A5-8DE43E8FA9B6}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{CAB2D349-7034-4DA7-9DA5-105CC6262F19}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3200451137-1316405179-3502684455-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.safesearch.net/?p=h&m=ie&c=wi&s=wi
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6wmm583t.default
FF Homepage: hxxps://uk.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-09] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3200451137-1316405179-3502684455-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-29] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6wmm583t.default\Extensions\[email protected] [2015-09-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected] => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1370392 2016-06-08] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [686360 2016-06-08] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [176920 2016-06-08] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [475928 2016-06-08] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [818456 2016-06-08] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [1169688 2016-06-08] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [609048 2016-06-08] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [310040 2016-06-08] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [399128 2016-06-08] (BullGuard Ltd.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupon Printer\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46080 2013-12-26] () [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2012-07-05] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2012-05-17] (Sage (UK) Limited) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\system32\DRIVERS\afw.sys [52912 2015-06-18] (Agnitum Ltd.)
R3 afwcore; C:\Windows\system32\DRIVERS\afwcore.sys [465072 2015-06-18] (Agnitum Ltd.)
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-27] (Insyde Corporation)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2015-11-25] (BullGuard Ltd.)
R3 BdNet; C:\Windows\system32\DRIVERS\BdNet.sys [51856 2015-11-25] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [94952 2015-11-25] (BullGuard Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [286112 2015-11-25] (BullGuard Ltd.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-07-25] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-20] (Synaptics Incorporated)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-15] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-19 10:14 - 2016-06-19 10:15 - 00013121 _____ C:\Users\Owner\Desktop\FRST.txt
2016-06-19 10:13 - 2016-06-19 10:13 - 02387456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-06-19 10:12 - 2016-06-19 10:14 - 00000000 ____D C:\FRST
2016-06-15 18:05 - 2016-05-12 19:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 18:05 - 2016-05-12 18:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 18:05 - 2016-05-12 17:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 18:05 - 2016-05-12 17:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 18:05 - 2016-05-12 17:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 18:05 - 2016-05-12 16:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 18:05 - 2016-05-12 16:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 18:05 - 2016-05-12 16:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 18:05 - 2016-05-06 16:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 18:05 - 2016-05-06 16:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 18:04 - 2016-04-12 16:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-15 18:04 - 2016-04-12 16:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-15 17:13 - 2016-06-03 18:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-15 17:13 - 2016-06-03 14:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 17:13 - 2016-06-02 18:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 17:13 - 2016-05-29 16:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 17:13 - 2016-05-29 16:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 17:13 - 2016-05-29 16:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 17:13 - 2016-05-29 16:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 17:13 - 2016-05-29 16:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 17:13 - 2016-05-29 16:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 17:13 - 2016-05-21 18:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 17:13 - 2016-05-21 17:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 17:13 - 2016-05-20 23:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 17:13 - 2016-05-20 23:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 17:13 - 2016-05-20 23:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 17:13 - 2016-05-20 22:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 17:13 - 2016-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 17:13 - 2016-05-20 22:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 17:13 - 2016-05-20 22:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 17:13 - 2016-05-20 22:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 17:13 - 2016-05-20 22:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 17:13 - 2016-05-20 22:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 17:13 - 2016-05-20 22:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 17:13 - 2016-05-20 22:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-15 17:13 - 2016-05-20 22:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 17:13 - 2016-05-20 22:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-15 17:13 - 2016-05-20 22:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-15 17:13 - 2016-05-20 22:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-15 17:13 - 2016-05-20 22:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 17:13 - 2016-05-20 22:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 17:13 - 2016-05-20 22:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 17:13 - 2016-05-20 22:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 17:13 - 2016-05-20 22:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 17:13 - 2016-05-20 22:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 17:13 - 2016-05-20 22:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 17:13 - 2016-05-20 22:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 17:13 - 2016-05-20 22:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 17:13 - 2016-05-20 21:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 17:13 - 2016-05-20 21:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 17:13 - 2016-05-20 21:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 17:13 - 2016-05-20 21:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 17:13 - 2016-05-20 21:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 17:13 - 2016-05-20 21:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 17:13 - 2016-05-18 06:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 17:13 - 2016-05-18 06:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 17:13 - 2016-05-16 22:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 17:13 - 2016-05-16 22:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 17:13 - 2016-05-16 22:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 17:13 - 2016-05-16 22:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 17:13 - 2016-05-14 00:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 17:13 - 2016-05-14 00:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 17:13 - 2016-05-14 00:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 17:13 - 2016-05-14 00:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 17:13 - 2016-05-14 00:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 17:13 - 2016-05-13 23:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 17:13 - 2016-05-13 23:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 17:13 - 2016-05-13 22:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 17:13 - 2016-05-09 22:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-15 17:13 - 2016-05-09 21:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-15 17:13 - 2016-05-09 21:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 17:13 - 2016-05-09 21:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 17:13 - 2016-04-14 16:25 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 17:13 - 2016-04-14 16:11 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 17:13 - 2016-01-31 20:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 17:13 - 2016-01-31 19:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 17:13 - 2016-01-31 18:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 17:13 - 2016-01-31 18:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 17:12 - 2016-05-19 00:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 17:12 - 2016-05-18 21:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 17:12 - 2016-05-14 21:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 17:12 - 2016-05-14 21:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 17:12 - 2016-05-14 00:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 17:12 - 2016-05-13 22:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 17:12 - 2016-05-13 22:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 17:12 - 2016-05-13 22:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 17:12 - 2016-05-13 22:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-10 17:45 - 2016-06-16 07:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-08 21:09 - 2016-06-08 21:09 - 00076568 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2016-06-08 21:09 - 2016-06-08 21:09 - 00061720 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2016-06-08 21:09 - 2016-06-08 21:08 - 00169656 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2016-06-08 21:09 - 2016-06-08 21:08 - 00148008 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-19 10:15 - 2015-03-09 13:59 - 00000000 ____D C:\ProgramData\BullGuard
2016-06-19 10:10 - 2015-07-02 15:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-19 10:09 - 2015-09-29 10:06 - 00000672 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3200451137-1316405179-3502684455-1001.job
2016-06-19 09:26 - 2015-09-29 10:06 - 00000576 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3200451137-1316405179-3502684455-1001.job
2016-06-19 08:44 - 2014-03-18 16:26 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-19 08:44 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-06-19 08:27 - 2015-03-06 10:59 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F6BDB07D-9C6F-4A02-A82D-E9F3719A4EC6}
2016-06-19 08:25 - 2016-04-02 15:42 - 00000000 ___RD C:\Users\Owner\OneDrive
2016-06-19 08:24 - 2015-03-10 17:32 - 00000356 _____ C:\Windows\system32\config\afw_hm.conf
2016-06-19 08:24 - 2015-03-10 17:32 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2016-06-18 13:37 - 2015-03-05 13:23 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3200451137-1316405179-3502684455-1001
2016-06-18 11:10 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 11:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-18 09:57 - 2015-03-10 14:14 - 00000475 _____ C:\Windows\BRWMARK.INI
2016-06-17 17:01 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 15:23 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-17 15:05 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-16 21:10 - 2015-07-02 15:16 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 07:01 - 2013-08-22 15:44 - 00481880 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-16 07:00 - 2015-03-10 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-15 19:19 - 2015-03-05 15:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 19:19 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2016-06-15 19:19 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-06-15 19:19 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-06-15 18:16 - 2015-03-05 14:28 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 18:14 - 2015-03-05 14:28 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 20:13 - 2015-09-29 10:06 - 00003668 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3200451137-1316405179-3502684455-1001
2016-06-14 20:13 - 2015-09-29 10:06 - 00003572 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3200451137-1316405179-3502684455-1001
2016-06-14 18:13 - 2015-03-05 15:09 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 18:13 - 2015-03-05 15:09 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-12 15:19 - 2015-03-10 17:29 - 00002213 _____ C:\Users\Public\Desktop\Basic PAYE Tools.lnk
2016-06-08 07:41 - 2015-03-05 13:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2016-06-01 15:47 - 2015-10-30 20:02 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-01 15:29 - 2015-03-05 12:55 - 00000000 ____D C:\Windows\Panther
2016-05-31 07:40 - 2015-04-05 09:50 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-31 07:40 - 2015-04-05 09:50 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-28 07:29 - 2015-03-09 13:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-28 07:29 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-21 07:57 - 2016-04-23 07:12 - 00002338 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-05-21 07:57 - 2015-03-09 13:26 - 00003176 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3200451137-1316405179-3502684455-1001

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-07 17:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016
Ran by Owner (2016-06-19 10:15:49)
Running from C:\Users\Owner\Desktop
Windows 8.1 (Update) (X64) (2015-03-05 12:16:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3200451137-1316405179-3502684455-500 - Administrator - Disabled)
Guest (S-1-5-21-3200451137-1316405179-3502684455-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3200451137-1316405179-3502684455-1003 - Limited - Enabled)
Owner (S-1-5-21-3200451137-1316405179-3502684455-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accountants' Dataset Manager (HKLM-x32\...\InstallShield_{6A49E82E-EA41-4D70-B805-EFEC3AD5FF8E}) (Version: 2.00.0000 - Sage (UK) Ltd)
Accountants' Dataset Manager (x32 Version: 2.00.0000 - Sage (UK) Ltd) Hidden
Accounts (x32 Version: 19.0.11.260 - Sage (UK) Ltd) Hidden
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.6 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.6 - ) Hidden
Basic PAYE Tools (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 16.1.16125.489 - HM Revenue & Customs)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Coupon Printer (HKLM-x32\...\Coupon Printer2.2.1.6) (Version: 2.2.1.6 - Coupons.com Inc.)
GoToMeeting 7.19.0.5102 (HKU\S-1-5-21-3200451137-1316405179-3502684455-1001\...\GoToMeeting) (Version: 7.19.0.5102 - CitrixOnline)
Hotkey 8.0153 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 8.0153 - NoteBook)
Hotkey 8.0153 (x32 Version: 8.0153 - NoteBook) Hidden
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3200451137-1316405179-3502684455-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29069 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.27037 - )
Sage 50 Accounts 2013 (HKLM-x32\...\InstallShield_{45ECE61A-C8EE-4847-852C-6E8A8192D424}) (Version: 19.0.11.260 - Sage (UK) Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.0 - Synaptics Incorporated)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3200451137-1316405179-3502684455-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3200451137-1316405179-3502684455-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3200451137-1316405179-3502684455-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3200451137-1316405179-3502684455-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F2AC10-7DA8-4DD8-BA80-2E3A84771E12} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-20] (Synaptics Incorporated)
Task: {0AD38227-9AE0-4FE1-8F5A-356B09A36D2E} - System32\Tasks\BullGuard\BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2016-06-08] (BullGuard Ltd.)
Task: {13993B4E-4023-48DB-99DE-082AB8D4B1AE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {32D9BF1E-948B-4704-98BB-3D8D79162AFC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {346432B4-23C2-4B2D-8050-301A414493D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {5A33EFC4-5219-46E4-8F7C-EF59F70C6868} - System32\Tasks\G2MUpdateTask-S-1-5-21-3200451137-1316405179-3502684455-1001 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5102\g2mupdate.exe [2016-06-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {784956D6-5D5A-49F4-B7D4-F7EDA4551E7D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {AC2F9CE4-5985-45E2-AE4E-03B48F60E28D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {B5EAB2FC-23E2-44AA-9FE5-AB6654DC1D11} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-04-12] (Microsoft Corporation)
Task: {DB0AA6FF-042B-4F8D-897F-A5ECDF4015A5} - System32\Tasks\G2MUploadTask-S-1-5-21-3200451137-1316405179-3502684455-1001 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5102\g2mupload.exe [2016-06-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FB62B426-D970-434B-A117-931097B4D488} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3200451137-1316405179-3502684455-1001 => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-21] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3200451137-1316405179-3502684455-1001.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5102\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3200451137-1316405179-3502684455-1001.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5102\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-08 21:09 - 2016-06-08 21:09 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2016-06-08 21:09 - 2016-06-08 21:09 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2016-06-08 21:09 - 2016-06-08 21:09 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2016-06-08 21:09 - 2016-06-08 21:09 - 00644888 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2016-06-08 21:09 - 2016-06-08 21:09 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2016-06-08 21:09 - 2016-06-08 21:09 - 00084248 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2015-03-09 13:18 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-26 18:24 - 2013-12-26 18:24 - 00046080 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2015-10-29 10:01 - 2015-09-01 17:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-21 07:57 - 2016-05-21 07:57 - 00959168 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-03-05 13:56 - 2014-10-03 18:36 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
2015-03-05 14:05 - 2012-11-14 08:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-03-05 14:05 - 2012-11-14 08:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-06-08 21:09 - 2016-06-08 21:09 - 00727320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2014-01-10 17:21 - 2014-01-10 17:21 - 04902912 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2015-03-05 14:03 - 2013-09-16 05:20 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-02-23 18:02 - 2016-02-23 18:02 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-10-29 10:01 - 2015-09-01 13:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3200451137-1316405179-3502684455-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7CCE0B39-6B79-408E-B42F-D250AE29B268}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{7B9318AF-FF45-44A0-B7E4-D3A9DCC7B42C}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1F9543FB-1219-4612-AA3E-1A02FA8D6C79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C0BA780-66C4-44E7-88C2-BFD650CCBCDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BE7955AC-97CD-47B7-B5BA-7667FD6A6E31}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{38CB64F3-9232-4FEC-A966-E3A407F1B2FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FF29D1AE-B5A9-4426-A04F-6D199796A777}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90A67399-4507-4460-8A12-550B25C231B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

31-05-2016 07:39:28 Windows Update
09-06-2016 19:19:10 Scheduled Checkpoint
15-06-2016 18:12:55 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2016 10:14:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 19.6.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1204

Start Time: 01d1ca0ae083700e

Termination Time: 4294967295

Application Path: C:\Users\Owner\Desktop\FRST64.exe

Report Id: 2daa89b2-35fe-11e6-8314-4851b7bc1edd

Faulting package full name:

Faulting package-relative application ID:

Error: (06/19/2016 08:43:31 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/14/2016 04:29:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13d4

Start Time: 01d1c64fe0969aea

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b895d4e2-3244-11e6-8311-4851b7bc1edd

Faulting package full name:

Faulting package-relative application ID:

Error: (06/14/2016 04:29:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process ID: 0x284
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (06/14/2016 09:40:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147417848 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/04/2016 12:39:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/28/2016 07:28:52 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (05/26/2016 03:59:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/24/2016 06:07:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/22/2016 09:35:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (06/17/2016 05:07:07 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/17/2016 05:07:07 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/16/2016 07:02:23 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (06/16/2016 07:02:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DPS service.

Error: (06/14/2016 09:44:15 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/14/2016 09:44:15 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/12/2016 10:14:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (06/12/2016 10:14:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (06/12/2016 10:14:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (06/12/2016 10:14:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


==================== Memory info ===========================

Processor: Intel® Pentium® CPU 3550M @ 2.30GHz
Percentage of memory in use: 25%
Total physical RAM: 8112.45 MB
Available physical RAM: 6077.24 MB
Total Virtual: 9392.45 MB
Available Virtual: 7298 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:891.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D7B24AB5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2 RKinner (Malware Expert)
I'm not seeing any malware; let's look at some other possibles:
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 

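The instructions above set up two checks that are easy to do by eye for one machine but tedious for a long export: the Verified Signer column and the CPU ranking. The script below is an added example and is not part of the thread; it parses the tab-separated table that Process Explorer's File > Save As writes (the same column names as in the export) and reports images without a verified Authenticode signature plus the busiest real processes. "System Idle Process" is left out of the ranking because a high idle figure means the CPU is free. The sample rows are constructed for the example, not the poster's data, and updater.exe / Example Co are placeholder names.

```python
"""Triage a Process Explorer text export (File > Save As).

Added example, not from the thread. Parses the tab-separated table Process
Explorer writes and reports (1) images whose signer is not "(Verified)" and
(2) the top CPU consumers, with the idle pseudo-process excluded.
"""
import re
import sys

COLUMNS = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
           "Description", "Company Name", "Verified Signer"]

# Kernel pseudo-processes that have no image file to sign.
PSEUDO = {"System Idle Process", "System", "Interrupts"}

# Constructed sample in the export layout (not the poster's real data).
SAMPLE_EXPORT = (
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer\n"
    "System Idle Process\t94.91\t0 K\t4 K\t0\t\t\t\n"
    "procexp64.exe\t2.99\t20,444 K\t47,652 K\t5688\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\t(Verified) Microsoft Corporation\n"
    "Hotkey.exe\t0.22\t18,540 K\t31,952 K\t4572\tHotKey\t\t(No signature was present in the subject)\n"
    "firefox.exe\t0.07\t256,712 K\t310,648 K\t4544\tFirefox\tMozilla Corporation\t(Verified) Mozilla Corporation\n"
    "updater.exe\t1.40\t9,000 K\t12,000 K\t6100\tUpdater\tExample Co\t(Unable to verify) Example Co\n"
    "svchost.exe\t< 0.01\t12,648 K\t14,732 K\t848\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows Publisher\n"
    "csrss.exe\t0.18\t2,176 K\t36,128 K\t500\t\t\t\n"
)


def _split_row(line):
    """Split one row; copies pasted into a forum often have tabs turned into runs of spaces."""
    fields = line.split("\t") if "\t" in line else re.split(r" {3,}", line)
    fields = [f.strip() for f in fields]
    fields += [""] * (len(COLUMNS) - len(fields))
    return fields[:len(COLUMNS)]


def parse_export(text):
    """Return one dict per process row, keyed by the export's column names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return [dict(zip(COLUMNS, _split_row(ln))) for ln in lines[1:]]  # line 0 is the header


def cpu_value(text):
    """'94.91' -> 94.91; '< 0.01', 'Suspended' and '' -> 0.0."""
    if text.startswith("<"):
        return 0.0
    m = re.search(r"\d+(?:\.\d+)?", text)
    return float(m.group()) if m else 0.0


def unsigned_processes(rows):
    """Return (not verified, unreadable) process names, pseudo-processes skipped.

    A blank signer means Process Explorer could not open the image, which
    usually means it was not run elevated; rerun it as Administrator before
    treating those rows as suspicious.
    """
    flagged, unknown = [], []
    for r in rows:
        if r["Process"] in PSEUDO or r["Verified Signer"].startswith("(Verified)"):
            continue
        (unknown if r["Verified Signer"] == "" else flagged).append(r["Process"])
    return flagged, unknown


def idle_percent(rows):
    """CPU share of System Idle Process, or None if the row is missing."""
    for r in rows:
        if r["Process"] == "System Idle Process":
            return cpu_value(r["CPU"])
    return None


def top_cpu(rows, n=5):
    """Busiest real processes as (name, cpu%), idle pseudo-process excluded."""
    busy = [r for r in rows if r["Process"] != "System Idle Process"]
    busy.sort(key=lambda r: cpu_value(r["CPU"]), reverse=True)
    return [(r["Process"], cpu_value(r["CPU"])) for r in busy[:n]]


def report(text):
    """Triage lines for an export; returned rather than printed so they can be checked."""
    rows = parse_export(text)
    flagged, unknown = unsigned_processes(rows)
    out = [f"idle: {idle_percent(rows)}% (higher is better)"]
    out += [f"top cpu: {name} {cpu}%" for name, cpu in top_cpu(rows)]
    out += [f"NOT VERIFIED: {name}" for name in flagged]
    out += [f"unreadable (rerun elevated?): {name}" for name in unknown]
    return out


def read_export(path):
    """Read the saved file; Process Explorer may write UTF-16 (BOM) or 8-bit text."""
    raw = open(path, "rb").read()
    if raw.startswith(b"\xff\xfe") or raw.startswith(b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


if __name__ == "__main__":
    text = read_export(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EXPORT
    print("\n".join(report(text)))
```

Run it against the saved export (`python triage.py procexp.txt`) or with no argument to see it work on the constructed sample. Anything listed as NOT VERIFIED is not automatically malware (the poster's Hotkey.exe and PowerBiosServer.exe are unsigned OEM utilities) but it is the set worth checking first, and the unreadable list is the reminder to repeat the run elevated.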

#3 MrsMaximus (Topic Starter)

Hi,

 

Text from Process Explorer below. There seems to be something called System Idle Process using up 90% of CPU.

 

I've attached the speccy report as a notepad file. Hope this is useful.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    94.91    0 K    4 K    0            
procexp64.exe    2.99    20,444 K    47,652 K    5688    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System    0.53    116 K    3,064 K    4            
Interrupts    0.28    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    0.23    20,272 K    25,836 K    788            
Hotkey.exe    0.22    18,540 K    31,952 K    4572    HotKey        (No signature was present in the subject)
VDeck.exe    0.19    5,116 K    4,884 K    4468    VIA HD Audio CPL    VIA    (Verified) VIA Technologies Inc.
csrss.exe    0.18    2,176 K    36,128 K    500            
BullGuardBhvScanner.exe    0.10    13,640 K    20,228 K    1472    BullGuard Behavioural Detection    BullGuard Ltd.    (Verified) BullGuard Ltd
explorer.exe    0.08    52,132 K    105,592 K    2352    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.08    7,392 K    15,368 K    1504    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.07    256,712 K    310,648 K    4544    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
BullGuardScanner.exe    0.06    226,240 K    105,832 K    1552    BullGuard Scanner    BullGuard Ltd.    (Verified) BullGuard Ltd
BullGuard.exe    0.03    17,724 K    23,532 K    4516    BullGuard    BullGuard Ltd.    (Verified) BullGuard Ltd
svchost.exe    0.01    30,232 K    44,608 K    932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    8,872 K    12,856 K    1488    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    136,360 K    53,088 K    1528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    12,648 K    14,732 K    848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
officeclicktorun.exe    < 0.01    27,876 K    36,604 K    1656    Microsoft Office Click-to-Run    Microsoft Corporation    (Verified) Microsoft Corporation
SynTPEnh.exe    < 0.01    3,792 K    896 K    2192    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe    < 0.01    5,176 K    12,660 K    4248    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
csrss.exe    < 0.01    1,768 K    4,032 K    436            
wmpnetwk.exe        5,652 K    18,084 K    5996    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        1,924 K    6,608 K    320            
WmiPrvSE.exe        3,776 K    9,844 K    4288            
winlogon.exe        1,504 K    8,572 K    588            
wininit.exe        788 K    3,692 K    492            
ViakaraokeSrv.exe        1,016 K    3,836 K    2504    Service binary    VIA Technologies, Inc.    (Verified) VIA Technologies Inc.
taskhostex.exe        6,472 K    13,600 K    2180    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe        8,016 K    10,532 K    5396            
SynTPHelper.exe        836 K    224 K    5940            
svchost.exe        6,888 K    14,808 K    1040    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        72,776 K    81,588 K    620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,560 K    11,372 K    652    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,144 K    6,928 K    1456    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,324 K    13,628 K    3160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,160 K    7,944 K    684    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        24,640 K    32,732 K    796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,412 K    18,528 K    276    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        15,760 K    21,632 K    1280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,036 K    12,820 K    1064    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,800 K    6,448 K    2448    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
spoolsv.exe        3,828 K    10,936 K    1252    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        280 K    1,004 K    312            
SkyDrive.exe        8,464 K    15,384 K    3828    OneDrive Sync Engine    Microsoft Corporation    (Verified) Microsoft Windows
SettingSyncHost.exe        7,268 K    3,540 K    4652    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        2,876 K    6,292 K    540            
SearchIndexer.exe        22,480 K    21,752 K    3240    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
Sage.SData.Service.exe        15,076 K    17,980 K    2416    Sage SData Service    Sage (UK) Limited    (No signature was present in the subject) Sage (UK) Limited
Sage.Central.AutoUpdateManager.Service.exe        11,292 K    10,156 K    2304    Sage.Central.AutoUpdateManager.Service    Microsoft    (No signature was present in the subject) Microsoft
RuntimeBroker.exe        3,328 K    11,888 K    3752    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,388 K    7,420 K    2400    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        25,084 K    16,360 K    3472    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
PowerBiosServer.exe        10,408 K    14,848 K    1564    PowerBiosServer        (No signature was present in the subject)
lsass.exe        6,236 K    14,980 K    548    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
LMS.exe        3,204 K    9,480 K    4240    Intel® Local Management Service    Intel Corporation    (Verified) Intel Corporation - Software and Firmware Products
livecomm.exe    Suspended    14,296 K    5,144 K    3372    Communications Service    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
jhi_service.exe        1,088 K    4,500 K    1464    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation - Intel® Management Engine Firmware
igfxTray.exe        3,124 K    8,628 K    4084            (Verified) Intel Corporation - pGFX
igfxHK.exe        2,028 K    6,804 K    4076    igfxHK Module    Intel Corporation    (Verified) Intel Corporation - pGFX
igfxEM.exe        3,368 K    9,272 K    4068    igfxEM Module    Intel Corporation    (Verified) Intel Corporation - pGFX
igfxCUIService.exe        1,624 K    6,268 K    412    igfxCUIService Module    Intel Corporation    (Verified) Intel Corporation - pGFX
HeciServer.exe        1,324 K    5,340 K    1208    Intel® Capability Licensing Service Interface    Intel® Corporation    (No signature was present in the subject) Intel® Corporation
GWX.exe        3,416 K    636 K    5148    GWX    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,528 K    6,740 K    5948            
dasHost.exe        5,772 K    14,528 K    1840            
csisyncclient.exe        10,740 K    23,552 K    4260    Microsoft Office Document Cache Sync Client Interface    Microsoft Corporation    (Verified) Microsoft Corporation
CouponPrinterService.exe        2,256 K    7,648 K    3000    Coupon Printer Service    Coupons.com Inc.    (Verified) Coupons
BullGuardUpdate.exe        3,208 K    7,764 K    1572    BullGuard Update    BullGuard Ltd.    (Verified) BullGuard Ltd
armsvc.exe        1,124 K    4,380 K    1440    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
 


#4 RKinner (Malware Expert)

System Idle Process    94.91 is a good thing.  The higher the better.

 

Your speccy log is incomplete.  The bottom half of it is gone.  Need to do it again.  Perhaps you made the log before it was done.

 

Copy the next line:

DISM /Online /Cleanup-Image /RestoreHealth

Open an elevated Command Prompt (see:  http://www.eightforu...indows-8-a.html )

 

Right click and Paste (or Edit then Paste) and the copied line will appear.

 

Hit Enter.  It will take about 15 minutes for the prompt to return.  Be patient.

 

 

Once it returns.  Type:

sfc  /scannow

and hit Enter.  This one will probably take about the same amount of time.  If when it finishes it complains that it could not fix everything then:

 

 

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Paste them into an Elevated command Prompt as before.  Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.

 

 

 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

 


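The findstr line above dumps every [SR] line of CBS.log into junk.txt, and on a machine where sfc found problems that can run to tens of thousands of lines. The script below is an added example, not from the thread; it reads such a file (or CBS.log directly) and answers the question the expert is asking of it: which members SFC could not repair, which it restored from the component store, and whether the verify pass finished. The sample lines are constructed in the CBS.log layout; the file, component and package names in them are placeholders.

```python
"""Summarize the [SR] lines sfc /scannow writes to C:\\Windows\\Logs\\CBS\\CBS.log.

Added example, not from the thread. Works on CBS.log itself or on the
junk.txt produced by the findstr command. SFC logs an unrepairable member
several times per run, so the results are de-duplicated per (file, component).
"""
import re
import sys
from collections import Counter

# One [SR] line: "<timestamp>, Info   CSI    <seq> [SR] <message>"
SR_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), .*?\[SR\] (?P<msg>.*)$")
# CSI quotes names as [l:<bytes>{<chars>}]"name"
NAME_RE = re.compile(r'\[l:\d+\{\d+\}\]"(?P<name>[^"]+)"')
MEMBER_RE = re.compile(r'Cannot repair member file .*?"(?P<name>[^"]+)" of (?P<component>[^,]+)')

# Constructed sample in the CBS.log layout; names are placeholders, not real components.
SAMPLE_CBS = r"""2016-06-20 10:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-06-20 10:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-06-20 10:02:40, Info                  CSI    0000001c [SR] Cannot repair member file [l:22{11}]"example.dll" of Microsoft-Windows-ExampleComponent, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-06-20 10:02:41, Info                  CSI    0000001d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store
2016-06-20 10:02:41, Info                  CSI    0000001e [SR] Repair complete
2016-06-20 10:02:45, Info                  CSI    00000020 [SR] Cannot repair member file [l:22{11}]"example.dll" of Microsoft-Windows-ExampleComponent, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-06-20 10:02:45, Info                  CSI    00000021 [SR] This component was referenced by [l:28{14}]"Package_Example~31bf3856ad364e35~amd64~~6.3.1.0"
2016-06-20 10:02:50, Info                  CSI    00000030 [SR] Verify complete
"""


def parse_sr(text):
    """Return (timestamp, message) for every [SR] line; all other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = SR_RE.match(line)
        if m:
            out.append((m.group("ts"), m.group("msg")))
    return out


def summarize(text):
    """Count unrepairable members, list repaired files, note whether verify finished."""
    events = parse_sr(text)
    unrepaired = Counter()          # (file, component) -> times logged
    repaired = []
    verify_complete = False
    for _ts, msg in events:
        if msg.startswith("Cannot repair member file"):
            m = MEMBER_RE.match(msg)
            key = (m.group("name"), m.group("component")) if m else (msg, "?")
            unrepaired[key] += 1
        elif msg.startswith("Repairing corrupted file"):
            names = NAME_RE.findall(msg)
            repaired.append(names[-1] if names else msg)   # last quoted name is the file
        elif msg.startswith("Verify complete"):
            verify_complete = True
    return {"events": len(events), "repaired": repaired,
            "unrepaired": dict(unrepaired), "verify_complete": verify_complete}


def verdict(summary):
    """One-line status in the terms the expert is looking for."""
    if not summary["verify_complete"]:
        return "scan did not finish (no 'Verify complete' line)"
    if summary["unrepaired"]:
        files = ", ".join(sorted(f for f, _c in summary["unrepaired"]))
        return f"SFC could not repair: {files}"
    return "no unrepairable members; anything corrupt was restored from the store"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # junk.txt from cmd is 8-bit text; CBS.log is UTF-8. Replace rather than crash on odd bytes.
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_CBS
    s = summarize(text)
    print(f"{s['events']} [SR] lines, {len(s['repaired'])} repaired, "
          f"{len(s['unrepaired'])} distinct unrepairable")
    for (name, component), n in sorted(s["unrepaired"].items()):
        print(f"  cannot repair {name} ({component}) x{n}")
    print(verdict(s))
```

Run `python cbs_summary.py C:\Windows\Logs\CBS\junk.txt` after the findstr step, or with no argument for the sample. The distinct (file, component) pairs are what to act on: a file SFC cannot repair with a "hash mismatch" is exactly the case the DISM /RestoreHealth step before it is meant to fix by refreshing the component store.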

#5 MrsMaximus (Topic Starter)

Hi,

 

I've re-run speccy and attached the results.

 

Will work on the rest of your post later today.

 

Regards

 

Mrs M

Attached Files


#6 MrsMaximus (Topic Starter)

Hi,

 

I've done the part with the elevated command prompt and have attached the resulting text file, hope this is useful.

 

Will do the Event Viewer part now.

 

Mrs M

Attached Files

  • Attached File  junk.txt   71.04KB   25 downloads

#7 MrsMaximus (Topic Starter)

Hi,

 

I've done the two runs for Event Viewer and attached the notepad files.

 

Hope this is useful.

 

Mrs M

Attached Files


#8 RKinner (Malware Expert)

Copy the next line:

sc config wudfsvc start= auto

Open an Elevated Command Prompt and 

 

right click and Paste and the line should appear.  Hit Enter.

 

This fixes:

 

Log: 'System' Date/Time: 20/06/2016 18:56:59
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_1.00#C860008861F9CE10BA0724DF&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

 

 

 

Open Internet Explorer.  Click on the gear in the upper right.  Select Internet Options.  Select the Connections tab.  Select LAN Settings.  Uncheck All boxes.  OK.  This fixes:

 

Log: 'System' Date/Time: 19/06/2016 11:36:21
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 

 

 

 

 

This one is old but not a good sign:

 

Log: 'System' Date/Time: 28/05/2016 06:35:44
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume ??.  The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x150000000311c6.  The name of the file is "<unable to determine file name>". 
 

 

 

 
The fix for this is to run a disk check.  It's possible that windows has already done so but just in case:
 
In an Elevated Command Prompt type:
 
chkdsk /r C:

Hit Enter:

 
If the disk is in use, Check Disk displays a prompt that asks whether you want to schedule the disk to be checked the next time you restart the system. Click Yes to schedule this check.  Then reboot.
 
 For some reason speccy just isn't working right on your PC.  I just downloaded it and ran it on mine and it worked fine.  Let's try:
 
See if you can get Speedfan to work:
 
 
Download, save and install it (Win 7+ or Vista: right click and Run As Admin), then run it the same way.
 
It will tell you your temps.  What is the highest one you see?
 
 
In Speedfan, click on the S.M.A.R.T tab.  Then click on the down arrow to the right of the Hard disk box.  Select the drive.  Select Perform an in-depth online analysis of this hard disk.  Your browser will open with the report.  At the bottom of the report it will say:
 
The link to get back and see a new report about this hard disk in the future is this
 
Right click on the underlined this and Copy Link Address.  Move to a Reply and paste (Ctrl + v).  That will allow me to see the report.
 
 
 
In the search box, type:  control panel
and hit Enter.  Control Panel should open.  Select  Large Icons under View By:  (in upper right.)
 
Select Power Options.
 
Click on the Show Additional Plans.
 
Select High Performance
 
Close Power Options and Control Panel.
 
Copy the next line:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

Open an Elevated Command Prompt, right click and Paste and the copied line should appear.  Hit Enter.

 

 

 
Reboot and run VEW again as before.

#9 MrsMaximus (Topic Starter)

Hi,

 

I've now successfully completed the first three steps (sc config wudfsvc start= auto, Internet Explorer, chkdsk /r C:) and installed Speedfan. It tells me that the highest temperature I have is 42C.

 

However, when I try to do the online analysis, I get the error message "There was an error in the http connection. Please check proxy configuration or try to send again" I've got this a few times now. Could it be a firewall issue?

 

Will move on to the control panel exercise now.

 

Regards

 

Mrs M


#10 MrsMaximus (Topic Starter)

Hi,

 

Just run VEW (system and application) and attached the results. Very short reports!

 

Regards

 

Mrs M

Attached Files


#11 RKinner (Malware Expert)

I expect Bullguard's Firewall is blocking you because there was no sign of a proxy.

 

Did you remember to reboot before running VEW?


#12 MrsMaximus (Topic Starter)

Hi,

 

I can't remember if I rebooted, so I've rerun the "for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"" command, rebooted and run VEW again.

 

The reports are attached, they look much the same as before.

 

The computer is working much better now, by the way.

 

Should I turn off Bullguard temporarily and do the Speedfan analysis, or is that no longer necessary?

 

Regards

 

Mrs M

Attached Files


#13 RKinner (Malware Expert)

Go ahead and see if you can get Bullguard to let us have an analysis.

 

This error:

 

Log: 'Application' Date/Time: 23/06/2016 20:08:22
Type: Warning Category: 7
Event: 507 Source: ESENT
LiveComm (2544) C:\Users\Owner\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\f79194922d4726d3\120712-0049\: A request to read from the file "C:\Users\Owner\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\f79194922d4726d3\120712-0049\DBStore\livecomm.edb" at offset 1449984 (0x0000000000162000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (22 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

 
 
Sort of implies that there may be a problem with the hard drive.
 
Log: 'System' Date/Time: 23/06/2016 20:04:27
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 

 

 

Is just a nuisance but opening IE, clicking on the gear in the upper right then on Internet Options, Connections, Lan Settings then unchecking all boxes, OK is supposed to fix it.
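Two things a practitioner would add to posts #8 and #13. First, the for /F loop in #8 clears every event log on the machine; if the slowdown later turns out to be malware rather than a failing disk, that history is exactly what you would want, so export the logs first (for example wevtutil epl System C:\Users\Owner\Desktop\System.evtx from the same elevated prompt), and note that inside a .cmd file the %1 in that loop must be written %%1. The wpad lookup behind event 1014 is the client asking DNS for a proxy auto-config server; unticking "Automatically detect settings" stops the lookup, which also removes the route by which a hostile network can hand the machine a proxy. Second, reading VEW output by hand gets tedious once there are several reports. The Python below is an added example, not code from the posts or from VEW: it parses records in the layout VEW produces (as quoted in #8 and #13), groups them by Source and Event ID, and tags the IDs this thread dealt with (Kernel-PnP 219, DNS-Client 1014, Ntfs 55, ESENT 507) with the action RKinner gave for each. The event text in the sample is constructed from those quotes plus one unrelated entry; it is not the poster's log.

```python
"""Group VEW's Warning/Error records by (Source, Event ID) and flag known ones.

Added example, not code from the posts or from VEW. SAMPLE_VEW is constructed
from the excerpts quoted in the thread plus one unrelated event.
"""
import re
from collections import defaultdict
from datetime import datetime

# Event IDs raised in this thread and the action the expert gave for each.
KNOWN = {
    ("Microsoft-Windows-Kernel-PnP", 219): "WudfRd not loaded for a USB device; set wudfsvc to auto start",
    ("Microsoft-Windows-DNS-Client", 1014): "wpad lookup timing out; proxy auto-detect nuisance, clear LAN settings",
    ("Ntfs", 55): "file system corruption on the volume; run chkdsk /r and check the drive",
    ("ESENT", 507): "a read took seconds to complete; slow or failing disk, check SMART",
}

# Constructed sample in VEW's layout (header, type, event, message; blank line between).
SAMPLE_VEW = r"""Log: 'System' Date/Time: 19/06/2016 11:36:21
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 23/06/2016 20:04:27
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 28/05/2016 06:35:44
Type: Error Category: 0
Event: 55 Source: Ntfs
A corruption was discovered in the file system structure on volume C:.  The Master File Table (MFT) contains a corrupted file record.

Log: 'Application' Date/Time: 23/06/2016 20:08:22
Type: Warning Category: 7
Event: 507 Source: ESENT
LiveComm (2544): A request to read from the file "livecomm.edb" for 8192 bytes succeeded, but took an abnormally long time (22 seconds) to be serviced by the OS.

Log: 'Application' Date/Time: 23/06/2016 20:10:00
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: example.exe, version: 1.0.0.0
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)$")
TYPE_LINE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_LINE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")


def parse_vew(text):
    """Turn VEW output into one dict per record (log, when, type, event, source, message)."""
    records, cur = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            cur = {"log": h["log"], "message": "",
                   "when": datetime.strptime(h["when"], "%d/%m/%Y %H:%M:%S")}
            records.append(cur)
            continue
        if cur is None:          # text before the first record: ignore
            continue
        t = TYPE_LINE.match(line)
        if t:
            cur["type"], cur["category"] = t["type"], int(t["cat"])
            continue
        e = EVENT_LINE.match(line)
        if e:
            cur["event"], cur["source"] = int(e["id"]), e["source"].strip()
            continue
        if line.strip():         # message text may span several lines
            cur["message"] = (cur["message"] + " " + line.strip()).strip()
    return records


def triage(text):
    """One row per (source, event): count, first/last seen, and the known action."""
    groups = defaultdict(list)
    for rec in parse_vew(text):
        groups[(rec["source"], rec["event"])].append(rec)
    rows = []
    for (source, event), recs in groups.items():
        times = sorted(r["when"] for r in recs)
        rows.append({"source": source, "event": event, "count": len(recs),
                     "first": times[0], "last": times[-1], "type": recs[-1]["type"],
                     "action": KNOWN.get((source, event), "not covered in the thread; look the ID up")})
    rows.sort(key=lambda r: r["last"], reverse=True)              # most recent first ...
    rows.sort(key=lambda r: (r["type"] != "Error", -r["count"]))  # ... then Errors, then noisiest
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_VEW):
        print(f"{r['type']:7} {r['source']} {r['event']} x{r['count']} "
              f"{r['first']:%d/%m %H:%M} .. {r['last']:%d/%m %H:%M}: {r['action']}")
```

Feed it the two VEW files (System and Application) concatenated; the count and first/last columns are what tell you whether an entry is a one-off from before the chkdsk or something still recurring after the reboot, which is the question RKinner's "reboot and run VEW again" step is really asking.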


#14 MrsMaximus (Topic Starter)

Hi,

 

I switched off the Bullguard firewall and tried to do the analysis again but unfortunately got the same result. Do you think there's something else I should switch off (in Bullguard or maybe the Windows firewall) to get it to work?

 

I checked Internet Explorer and all of the boxes are still unchecked. Given that Firefox is my primary internet browser, is there an equivalent in Firefox that I need to amend?

 

Regards

 

Mrs M


#15 RKinner (Malware Expert)

Let's try a different program.

 

Get GSMARTCONTROL from

 

 

 

http://sourceforge.n....7.exe/download

 

Download and Save the file then right click on it and Run As Admin.

 

Accept the defaults and keep hitting Install or Next until Finish.  This will leave a shortcut on your desktop.  Right click on the shortcut and Run As Admin.

 

Once the program starts it will show you the drives it has detected.  Usually your prime drive will be the one on the left.  Double click it and a new window will open with some basic info.  Click on the tab that says Attributes.  Click on Save As at the bottom.  By default it wants to save in its own folder which might be hard to find.  Click on the down arrow on the right of the second box (Save in Folder)  and change it to Desktop, (note the file name) Save.

 

Attach the file to your next Reply.  DO NOT try to open it and copy and Paste or you will lose the formatting.

 

Firefox usually follows IE's lead on proxies but it does have its own config that we can look at.  In Firefox click on the 3 horizontal lines icon in the upper right.  Then on Advanced (bottom left) then on Network.  Then on Settings to the right of "Configure how Firefox connects to the Internet"  Click on No Proxy OK.  Close Firefox and reopen it.
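When the Attributes file comes back, the numbers to read first are a handful of raw counters rather than the normalised VALUE column: 5 Reallocated_Sector_Ct, 187 Reported_Uncorrect, 197 Current_Pending_Sector and 198 Offline_Uncorrectable climbing above zero fit the Ntfs 55 and ESENT 507 events seen earlier, while 199 UDMA_CRC_Error_Count points at the cable or interface rather than the platters. The Python below is an added example, not part of the post or of GSmartControl; it assumes the saved file is in the attribute-table layout of smartctl, which GSmartControl runs underneath, and the table inside it is constructed to show a disk with pending sectors, not Mrs M's drive.

```python
"""Read a smartctl-style SMART attribute table and flag the counters that matter.

Added example, not part of the post or of GSmartControl. It assumes the saved
Attributes file is in smartctl's table layout (GSmartControl drives smartctl
underneath). SAMPLE_SMART is constructed to show a disk with pending sectors.
"""
import re

# Raw counters that should stay at zero on a healthy drive, and what a rise means.
CRITICAL_RAW = {
    5: "Reallocated_Sector_Ct: sectors already remapped; the drive has been failing quietly",
    187: "Reported_Uncorrect: reads the drive could not correct",
    197: "Current_Pending_Sector: unreadable sectors waiting to be remapped; fits Ntfs 55 and slow reads",
    198: "Offline_Uncorrectable: sectors confirmed bad by the offline scan",
    199: "UDMA_CRC_Error_Count: transfer errors; usually cable or interface, not the platters",
}

# Constructed sample in smartctl's attribute table layout (not real output).
SAMPLE_SMART = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   100   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   098   098   000    Old_age   Always       -       2110
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       0
194 Temperature_Celsius     0x0022   058   050   000    Old_age   Always       -       42 (Min/Max 21/49)
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       8
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       8
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
"""

# Columns: ID, name, flag, value, worst, thresh, type, updated, when_failed, raw (leading integer).
ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+0x[0-9a-fA-F]+\s+(?P<value>\d+)\s+(?P<worst>\d+)\s+"
    r"(?P<thresh>\d+)\s+(?P<type>\S+)\s+\S+\s+(?P<failed>\S+)\s+(?P<raw>\d+)"
)


def parse_attributes(text):
    """Return one dict per attribute row; the header and any non-table lines are skipped."""
    attrs = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            attrs.append({"id": int(m["id"]), "name": m["name"], "value": int(m["value"]),
                          "worst": int(m["worst"]), "thresh": int(m["thresh"]),
                          "type": m["type"], "failed": m["failed"], "raw": int(m["raw"])})
    return attrs


def assess(attrs):
    """Findings: threshold crossings the firmware reports, plus non-zero critical raw counts."""
    findings = []
    for a in attrs:
        if a["failed"] != "-":
            findings.append({"id": a["id"], "reason": f"{a['name']} marked failed ({a['failed']})"})
        elif a["thresh"] and a["value"] <= a["thresh"]:
            findings.append({"id": a["id"],
                             "reason": f"{a['name']} value {a['value']} at or below threshold {a['thresh']}"})
        elif a["id"] in CRITICAL_RAW and a["raw"] > 0:
            findings.append({"id": a["id"], "reason": f"raw={a['raw']}; {CRITICAL_RAW[a['id']]}"})
    return findings


if __name__ == "__main__":
    results = assess(parse_attributes(SAMPLE_SMART))
    print("no SMART concerns" if not results else
          "\n".join(f"{f['id']:3} {f['reason']}" for f in results))
```

The point of checking raw counts as well as thresholds is that a drive can report PASSED overall while 197 and 198 are already non-zero; that is the state in which reads stall for seconds, the OS logs ESENT 507, and a machine feels like "someone put the brakes on" with no malware involved.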

