Author Topic: [COMPLETED] Slow performance, inadvertently clicked on suspicious link in email  (Read 712 times)

Offline Vickster3659

  • Bronze Member
  • Posts: 140
Hello,
The performance of my laptop has been quite slow lately, and today I accidentally clicked on a suspicious link in an email. I want to be sure to clear anything that may have been installed by this. I ran the DDS tool, but wasn't sure if I should paste it here or attach the files. Thanks for any assistance! You have been great in prior help requests!


« Last Edit: October 30, 2017, 05:35:47 AM by seedy21 »

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 10420
After reviewing the instructions HERE, please copy/paste/post the DDS logs as specified. You can post them as a reply to this.

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-

Offline Vickster3659

  • Bronze Member
  • Posts: 140
Thank you.  Here is the attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume1
Install Date: 8/4/2017 7:28:44 AM
System Uptime: 10/29/2017 6:53:08 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0R8G1C
Processor: Intel(R) Celeron(R) CPU  N3050  @ 1.60GHz | SOCKET 0 | 1601/80mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 384.866 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 9/25/2017 7:00:24 PM - Windows Update
RP8: 10/22/2017 2:11:08 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat Reader DC
Adobe Refresh Manager
AVG
AVG AntiVirus FREE
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3500 series MP Drivers
Canon MG3500 series On-screen Manual
Canon MG3500 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
Capture NX-D
CCleaner
Citrix Authentication Manager
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver 4.5
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Citrix Web Helper
CyberLink Media Suite 12
CyberLink Media Suite Essentials
CyberLink Power Media Player 12
CyberLink Power2Go 8
CyberLink PowerDirector 12
Dell Customer Connect
Dell Digital Delivery
Dell Foundation Services
Dell Help & Support
Dell Product Registration
Dell SupportAssist
Dell SupportAssistAgent
Dell System Detect
Dell Update
Dell Update - SupportAssist Update Plugin
Dropbox 20 GB
Dropbox Update Helper
FMW 1
Google Chrome
Google Earth Pro
Google Update Helper
Intel(R) Chipset Device Software
Intel(R) Processor Graphics
Intel(R) Trusted Execution Engine
Intel(R) Trusted Execution Engine Driver
Intel® Security Assist
Java 8 Update 131 (64-bit)
Java Auto Updater
Maxx Audio Installer (x64)
Microsoft Office 365 - en-us
Microsoft Office 365 ProPlus - en-us
Microsoft Office File Validation Add-In
Microsoft OneDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
Nikon Message Center 2
Nikon Transfer 2
Office 16 Click-to-Run Extensibility Component
Office 16 Click-to-Run Extensibility Component 64-bit Registration
Office 16 Click-to-Run Licensing Component
Office 16 Click-to-Run Localization Component
Online Plug-in
Picture Control Utility 2
Product Registration
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm WLAN and Bluetooth Client Installation
QuickSet64
Realtek Card Reader
Realtek High Definition Audio Driver
Realtek USB Ethernet Controller All-In-One Windows Driver
Self-service Plug-in
Skype™ 7.39
Spotify
ViewNX-i
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows 10 Upgrade Assistant
Windows Driver Package - Intel Corporation (iagpioe) System  (05/21/2015 604.10120.2652.361)
Windows Driver Package - Intel Corporation (iai2ce) System  (05/21/2015 604.10120.2654.367)
Windows Driver Package - Intel Corporation (iauarte) System  (05/21/2015 604.10120.2653.391)
.
==== Event Viewer Messages From Past Week ========
.
10/29/2017 6:59:07 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.
10/29/2017 6:59:07 PM, Error: Service Control Manager [7000]  - The Dell Digital Delivery Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/29/2017 6:58:07 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell Foundation Services service to connect.
10/29/2017 6:58:07 PM, Error: Service Control Manager [7000]  - The Dell Foundation Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/29/2017 6:54:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
10/29/2017 6:54:56 PM, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/29/2017 6:54:30 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
10/29/2017 6:54:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffd984a9bf7660, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: a0b7bffc-f7e5-454a-a770-9e7014cd0146.
10/29/2017 6:53:48 PM, Error: Service Control Manager [7000]  - The CldFlt service failed to start due to the following error:  The request is not supported.
10/29/2017 2:33:57 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
10/29/2017 12:36:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffff8800e63f7660, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: a85f3fe3-968b-4ae6-bb05-20d142767fa7.
10/28/2017 8:34:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
10/28/2017 8:32:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffe707357f7660, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: b3e244b7-63a6-441f-814f-71a6f3d5983d.
10/28/2017 2:56:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffcc8b41c71060, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 54a34099-c7ce-42a9-a17d-49b8b8a47583.
10/28/2017 1:46:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell Help & Support service to connect.
10/28/2017 1:46:56 PM, Error: Service Control Manager [7000]  - The Dell Help & Support service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/28/2017 1:42:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffff8385537f7e40, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 92443d9a-a3d5-4b30-92e3-389c2ca7409b.
10/26/2017 7:52:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffc801b41f7b60, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: c1303f91-82e0-4bf7-9e36-f21180d842c1.
10/24/2017 8:08:43 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell Customer Connect service to connect.
10/24/2017 8:08:43 PM, Error: Service Control Manager [7000]  - The Dell Customer Connect service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/24/2017 8:06:51 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error: "15616" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
10/24/2017 8:05:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffc8860ca71060, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 1f0f15d1-611b-4a09-a8a5-52a5ba8fd967.
10/22/2017 9:33:06 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
10/22/2017 9:28:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffff8c02c01f7660, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 3a865300-113b-4b2e-8215-2787b939024d.
10/22/2017 1:16:13 PM, Error: Service Control Manager [7022]  - The Downloaded Maps Manager service hung on starting.
10/22/2017 1:07:42 PM, Error: Service Control Manager [7043]  - The avgbIDSAgent service did not shut down properly after receiving a preshutdown control.
10/22/2017 1:03:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffb70e96ff7b60, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 2a116c34-0a55-476f-b045-27ac5c9a4897.
.
==== End Of File ===========================

Offline Vickster3659

  • Bronze Member
  • Posts: 140
And here is the dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.608
Run by Vicks at 19:09:54 on 2017-10-29
Microsoft Windows 10 Home  10.0.15063.0.1252.1.1033.18.4008.1314 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Antivirus *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k localservice -s bthserv
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s BthHFSrv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -s FontCache
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k localservice -s netprofm
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\AUDIODG.EXE
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Windows\SysWOW64\atashost.exe
C:\WINDOWS\SysWOW64\esif_uf.exe
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s FDResPub
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s HomeGroupProvider
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
c:\windows\system32\taskhostw.exe
C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Users\Vicks\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Vicks\AppData\Local\Apps\2.0\JAR0C1OO.RH9\A7K5A0RV.251\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\DellSystemDetect.exe
C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s WdiSystemHost
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
C:\WINDOWS\splwow64.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
c:\windows\system32\svchost.exe -k netsvcs -s DoSvc
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k smphost
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
c:\windows\system32\svchost.exe -k netsvcs -s BITS
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wlidsvc
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -s gpsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SensorService
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\SystemSettingsBroker.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
c:\windows\system32\svchost.exe -k netsvcs -s XblAuthManager
svchost.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wisvc
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
c:\windows\system32\taskhostw.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.spectrum.net/?domain-redirect=true
uLocal Page = %11%\blank.htm
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [OneDrive] "C:\Users\Vicks\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe" /fromrunkey
uRun: [Spotify Web Helper] C:\Users\Vicks\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
uRun: [Spotify] C:\Users\Vicks\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
uRun: [DellSystemDetect] C:\Users\Vicks\AppData\Local\Apps\2.0\JAR0C1OO.RH9\A7K5A0RV.251\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
mRun: [isa] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
StartupFolder: C:\Users\Vicks\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CITRIX~1.LNK - C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
StartupFolder: C:\Users\Vicks\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SlowLinkDetectEnabled = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://downloads.dell.com/systemprofiler/SysProExe.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{b361fb59-8e1f-4769-86a1-2d1e6e6297d2} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_MAXX6] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
x64-Run: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [WavesSvc] "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SlowLinkDetectEnabled = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 avgbdisk;avgbdisk;C:\WINDOWS\System32\drivers\avgbdiska.sys [2017-10-22 166624]
R1 avgbidsdriver;avgbidsdriver;C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [2017-10-22 314640]
R1 avgRdr;avgRdr;C:\WINDOWS\System32\drivers\avgRdr2.sys [2017-10-22 102792]
R1 avgSnx;avgSnx;C:\WINDOWS\System32\drivers\avgsnx.sys [2017-10-26 1022288]
R1 avgSP;avgSP;C:\WINDOWS\System32\drivers\avgSP.sys [2017-10-22 579584]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2016-6-27 91912]
R1 ctxusbm;Citrix USB Monitor Driver;C:\WINDOWS\System32\drivers\ctxusbm.sys [2016-9-5 142000]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2016-10-31 149440]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2016-11-28 325600]
R2 AVG Antivirus;AVG Antivirus;C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [2017-10-22 282536]
R2 avgMonFlt;avgMonFlt;C:\WINDOWS\System32\drivers\avgMonFlt.sys [2017-10-22 140192]
R2 avgStm;avgStm;C:\WINDOWS\System32\drivers\avgStm.sys [2017-10-22 193768]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2017-10-6 1428656]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_57366;Connected Devices Platform User Service_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2017-10-28 7923880]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 DDVCollectorSvcApi;Dell Data Vault Service API;C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [2017-7-27 208760]
R2 DDVDataCollector;Dell Data Vault Collector;C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2017-7-27 3294584]
R2 DDVRulesProcessor;Dell Data Vault Processor;C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [2017-7-27 217464]
R2 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2017-9-19 130936]
R2 Dell Help & Support;Dell Help & Support;C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [2017-9-18 40976]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2017-5-1 230248]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 DpmLiteDrv;DpmLiteDrv;C:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [2014-10-15 15080]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 esifsvc;ESIF Upper Framework Service;C:\Windows\SysWOW64\esif_uf.exe [2016-6-27 1385640]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-6-27 350312]
R2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-2-26 7680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface;C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [2015-4-21 174368]
R2 OneSyncSvc_57366;Sync Host_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 Product Registration;Product Registration;C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [2017-4-6 47144]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2017-7-26 333296]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-10-22 336320]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2017-8-4 53208]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-6-27 246376]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WavesSysSvc;Waves Audio Services;C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [2017-2-7 615384]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-7-11 142752]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_57366;Windows Push Notifications User Service_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
R3 avgbIDSAgent;avgbIDSAgent;C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [2017-10-22 7496672]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2016-11-28 608656]
R3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2017-3-18 181248]
R3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2017-3-18 47104]
R3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-8-4 97280]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [2017-7-27 32960]
R3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2017-7-27 32568]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2016-6-27 19440]
R3 dptf_cpu;dptf_cpu;C:\WINDOWS\System32\drivers\dptf_cpu.sys [2016-6-27 53752]
R3 esif_lf;esif_lf;C:\WINDOWS\System32\drivers\esif_lf.sys [2016-6-27 261624]
R3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
R3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
R3 igfxLP;igfxLP;C:\WINDOWS\System32\drivers\igdkmd64lp.sys [2016-6-27 5864888]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-6-27 474360]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 PimIndexMaintenanceSvc_57366;Contact Data_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 SynRMIHID;Synaptics HID Service;C:\WINDOWS\System32\drivers\SynRMIHID.sys [2016-6-27 56936]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 TXEIx64;Intel(R) Trusted Execution Engine Interface ;C:\WINDOWS\System32\drivers\TXEIx64.sys [2015-6-26 146232]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
R3 UnistoreSvc_57366;User Data Storage_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UserDataSvc_57366;User Data Access_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2017-3-18 24576]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-3-18 220672]
R3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-6-27 143144]
S2 Dell Foundation Services;Dell Foundation Services;C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2017-1-11 97616]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-6-23 238320]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-6-1 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 avgHwid;avgHwid;C:\WINDOWS\System32\drivers\avgHwid.sys [2017-10-22 39424]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-25 39424]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-6-27 143144]
S3 DevicesFlowUserSvc_57366;DevicesFlow_57366;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2015-5-22 881152]
S3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-2-26 330240]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_57366;MessagingService_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-7-11 118784]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2016-6-27 411712]
S3 rtux64w10;Realtek USB FE/GbE NIC Family Windows 10 64-bit Driver;C:\WINDOWS\System32\drivers\rtux64w10.sys [2015-10-30 323072]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 SWDUMon;SWDUMon;C:\WINDOWS\System32\drivers\SWDUMon.sys [2017-8-6 25608]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-9-25 104960]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-8-4 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-7-11 757248]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-7-11 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-10-29 22:54:57   180   ----a-w-   C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-27 23:15:58   --------   d--h--w-   C:\OneDriveTemp
2017-10-27 00:18:23   --------   d-----w-   C:\ProgramData\PC-Doctor for Windows
2017-10-27 00:18:16   --------   d-----w-   C:\Program Files\Dell Support Center
2017-10-27 00:02:49   1022288   ----a-w-   C:\WINDOWS\System32\drivers\avgsnx.sys
2017-10-25 01:04:23   106496   ----a-w-   C:\WINDOWS\SysWow64\ATL71.DLL
2017-10-24 01:46:48   466088   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-10-24 01:46:22   29352   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-10-24 01:42:36   209064   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-10-22 19:31:33   230400   ----a-w-   C:\WINDOWS\System32\msclmd.dll
2017-10-22 19:31:33   207872   ----a-w-   C:\WINDOWS\SysWow64\msclmd.dll
2017-10-22 18:30:25   177656   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-10-22 18:30:24   835576   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-10-22 18:24:17   126925120   -c--a-w-   C:\WINDOWS\System32\MRT-KB890830.exe
2017-10-22 18:05:59   1408536   ----a-w-   C:\WINDOWS\SysWow64\gdi32full.dll
2017-10-22 18:04:59   20511232   ----a-w-   C:\WINDOWS\SysWow64\edgehtml.dll
2017-10-22 18:03:59   2809344   ----a-w-   C:\WINDOWS\System32\AppXDeploymentServer.dll
2017-10-22 17:22:09   --------   d---a-w-   C:\Program Files (x86)\Dell Customer Connect
2017-10-22 17:16:09   76832   ----a-w-   C:\WINDOWS\System32\drivers\avgRvrt.sys
2017-10-22 17:16:09   579584   ----a-w-   C:\WINDOWS\System32\drivers\avgSP.sys
2017-10-22 17:16:09   51336   ----a-w-   C:\WINDOWS\System32\drivers\avgbuniva.sys
2017-10-22 17:16:09   39424   ----a-w-   C:\WINDOWS\System32\drivers\avgHwid.sys
2017-10-22 17:16:09   355856   ----a-w-   C:\WINDOWS\System32\drivers\avgVmm.sys
2017-10-22 17:16:09   193768   ----a-w-   C:\WINDOWS\System32\drivers\avgStm.sys
2017-10-22 17:16:09   140192   ----a-w-   C:\WINDOWS\System32\drivers\avgMonFlt.sys
2017-10-22 17:16:09   102792   ----a-w-   C:\WINDOWS\System32\drivers\avgRdr2.sys
2017-10-22 17:16:08   336896   ----a-w-   C:\WINDOWS\System32\drivers\avgbloga.sys
2017-10-22 17:16:08   314640   ----a-w-   C:\WINDOWS\System32\drivers\avgbidsdrivera.sys
2017-10-22 17:16:08   192584   ----a-w-   C:\WINDOWS\System32\drivers\avgbidsha.sys
2017-10-22 17:16:08   166624   ----a-w-   C:\WINDOWS\System32\drivers\avgbdiska.sys
2017-10-22 17:15:23   402608   ----a-w-   C:\WINDOWS\System32\avgBoot.exe
2017-10-22 12:54:09   1890512   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll
.
==================== Find3M  ====================
.
2017-09-30 05:52:01   1595152   ----a-w-   C:\WINDOWS\System32\gdi32full.dll
2017-09-30 05:51:44   1458320   ----a-w-   C:\WINDOWS\System32\msctf.dll
2017-09-30 05:51:12   1147288   ----a-w-   C:\WINDOWS\System32\hvix64.exe
2017-09-30 05:50:48   1068208   ----a-w-   C:\WINDOWS\System32\Windows.UI.dll
2017-09-30 05:50:46   1024920   ----a-w-   C:\WINDOWS\System32\hvax64.exe
2017-09-30 05:50:44   1346112   ----a-w-   C:\WINDOWS\System32\user32.dll
2017-09-30 05:49:44   777400   ----a-w-   C:\WINDOWS\System32\oleaut32.dll
2017-09-30 05:49:27   135576   ----a-w-   C:\WINDOWS\System32\drivers\ksecdd.sys
2017-09-30 05:49:25   1004136   ----a-w-   C:\WINDOWS\System32\ucrtbase.dll
2017-09-30 05:48:27   644696   ----a-w-   C:\WINDOWS\System32\advapi32.dll
2017-09-30 05:48:26   2399728   ----a-w-   C:\WINDOWS\System32\KernelBase.dll
2017-09-30 05:48:12   8319384   ----a-w-   C:\WINDOWS\System32\ntoskrnl.exe
2017-09-30 05:48:04   2327448   ----a-w-   C:\WINDOWS\System32\drivers\ntfs.sys
2017-09-30 05:47:28   1194792   ----a-w-   C:\WINDOWS\System32\rpcrt4.dll
2017-09-30 05:47:05   2969880   ----a-w-   C:\WINDOWS\System32\CoreUIComponents.dll
2017-09-30 05:45:54   511896   ----a-w-   C:\WINDOWS\System32\drivers\usbhub.sys
2017-09-30 05:44:52   181912   ----a-w-   C:\WINDOWS\System32\sspicli.dll
2017-09-30 05:44:03   712600   ----a-w-   C:\WINDOWS\System32\drivers\dxgmms2.sys
2017-09-30 05:43:49   2442136   ----a-w-   C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-09-30 05:43:47   7318888   ----a-w-   C:\WINDOWS\System32\windows.storage.dll
2017-09-30 05:42:43   4848952   ----a-w-   C:\WINDOWS\explorer.exe
2017-09-30 05:42:08   1506712   ----a-w-   C:\WINDOWS\System32\twinapi.appcore.dll
2017-09-30 05:42:03   820120   ----a-w-   C:\WINDOWS\System32\WWAHost.exe
2017-09-30 05:41:48   259400   ----a-w-   C:\WINDOWS\System32\MusNotifyIcon.exe
2017-09-30 05:41:48   228248   ----a-w-   C:\WINDOWS\System32\drivers\mrxsmb20.sys
2017-09-30 05:41:47   961944   ----a-w-   C:\WINDOWS\System32\efscore.dll
2017-09-30 05:41:45   651672   ----a-w-   C:\WINDOWS\System32\SettingSyncHost.exe
2017-09-30 05:41:44   5477600   ----a-w-   C:\WINDOWS\System32\OneCoreUAPCommonProxyStub.dll
2017-09-30 05:41:35   257432   ----a-w-   C:\WINDOWS\System32\AppxAllUserStore.dll
2017-09-30 05:41:28   5304496   ----a-w-   C:\WINDOWS\System32\Windows.StateRepository.dll
2017-09-30 05:41:11   654976   ----a-w-   C:\WINDOWS\System32\AppXDeploymentClient.dll
2017-09-30 05:41:00   2086808   ----a-w-   C:\WINDOWS\System32\UpdateAgent.dll
2017-09-30 05:40:49   642680   ----a-w-   C:\WINDOWS\System32\drivers\cng.sys
2017-09-30 05:40:45   184728   ----a-w-   C:\WINDOWS\System32\drivers\appid.sys
2017-09-30 05:40:44   724704   ----a-w-   C:\WINDOWS\System32\wer.dll
2017-09-30 05:40:38   336320   ----a-w-   C:\WINDOWS\System32\SecurityHealthService.exe
2017-09-30 05:40:33   408984   ----a-w-   C:\WINDOWS\System32\msv1_0.dll
2017-09-30 05:40:29   72944   ----a-w-   C:\WINDOWS\System32\easinvoker.exe
2017-09-30 05:40:13   558912   ----a-w-   C:\WINDOWS\System32\Windows.ApplicationModel.dll
2017-09-30 05:40:03   173976   ----a-w-   C:\WINDOWS\System32\drivers\usbccgp.sys
2017-09-30 05:39:45   203672   ----a-w-   C:\WINDOWS\System32\basecsp.dll
2017-09-30 05:38:42   2239136   ----a-w-   C:\WINDOWS\System32\mfsrcsnk.dll
2017-09-30 05:38:33   7910072   ----a-w-   C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-09-30 05:36:38   2672024   ----a-w-   C:\WINDOWS\System32\drivers\tcpip.sys
2017-09-30 05:36:28   57976   ----a-w-   C:\WINDOWS\System32\lsass.exe
2017-09-30 02:29:46   804784   ----a-w-   C:\WINDOWS\SysWow64\Windows.UI.dll
2017-09-30 02:26:30   1292872   ----a-w-   C:\WINDOWS\SysWow64\user32.dll
2017-09-30 02:26:24   1333136   ----a-w-   C:\WINDOWS\SysWow64\msctf.dll
2017-09-30 02:10:34   480920   ----a-w-   C:\WINDOWS\SysWow64\advapi32.dll
2017-09-30 02:10:20   606072   ----a-w-   C:\WINDOWS\SysWow64\oleaut32.dll
2017-09-30 02:10:14   1839872   ----a-w-   C:\WINDOWS\SysWow64\KernelBase.dll
2017-09-30 02:10:08   1150776   ----a-w-   C:\WINDOWS\SysWow64\ucrtbase.dll
2017-09-30 02:09:16   2259760   ----a-w-   C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-09-30 02:09:02   787712   ----a-w-   C:\WINDOWS\SysWow64\rpcrt4.dll
2017-09-30 02:06:28   4471368   ----a-w-   C:\WINDOWS\SysWow64\explorer.exe
2017-09-30 02:05:47   750488   ----a-w-   C:\WINDOWS\SysWow64\WWAHost.exe
2017-09-30 02:05:45   5827744   ----a-w-   C:\WINDOWS\SysWow64\windows.storage.dll
2017-09-30 02:05:39   559000   ----a-w-   C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-09-30 02:05:36   1266544   ----a-w-   C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-09-30 02:05:34   2603744   ----a-w-   C:\WINDOWS\SysWow64\OneCoreUAPCommonProxyStub.dll
2017-09-30 02:04:52   612120   ----a-w-   C:\WINDOWS\SysWow64\wer.dll
2017-09-30 02:04:50   4215184   ----a-w-   C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2017-09-30 02:04:45   347544   ----a-w-   C:\WINDOWS\SysWow64\msv1_0.dll
2017-09-30 02:04:39   438096   ----a-w-   C:\WINDOWS\SysWow64\Windows.ApplicationModel.dll
2017-09-30 02:04:17   519680   ----a-w-   C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2017-09-30 02:04:13   182680   ----a-w-   C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2017-09-30 02:03:27   6768288   ----a-w-   C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-09-30 02:03:17   1439032   ----a-w-   C:\WINDOWS\SysWow64\mfsrcsnk.dll
2017-09-30 02:02:53   175512   ----a-w-   C:\WINDOWS\SysWow64\basecsp.dll
2017-09-30 02:01:54   124544   ----a-w-   C:\WINDOWS\SysWow64\sspicli.dll
2017-09-29 07:46:30   23678976   ----a-w-   C:\WINDOWS\System32\edgehtml.dll
2017-09-29 07:45:00   2953216   ----a-w-   C:\WINDOWS\SysWow64\win32kfull.sys
2017-09-29 07:44:19   133120   ----a-w-   C:\WINDOWS\SysWow64\t2embed.dll
2017-09-29 07:43:14   2199552   ----a-w-   C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-09-29 07:43:07   142336   ----a-w-   C:\WINDOWS\SysWow64\smartscreenps.dll
2017-09-29 07:43:05   60928   ----a-w-   C:\WINDOWS\SysWow64\usoapi.dll
2017-09-29 07:42:56   18944   ----a-w-   C:\WINDOWS\SysWow64\mgmtapi.dll
2017-09-29 07:41:56   13844992   ----a-w-   C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2017-09-29 07:41:50   50176   ----a-w-   C:\WINDOWS\SysWow64\wbem\Win32_Tpm.dll
2017-09-29 07:41:09   110080   ----a-w-   C:\WINDOWS\SysWow64\BitLockerCsp.dll
2017-09-29 07:40:57   6728192   ----a-w-   C:\WINDOWS\SysWow64\twinui.dll
2017-09-29 07:40:50   371200   ----a-w-   C:\WINDOWS\SysWow64\daxexec.dll
2017-09-29 07:40:25   86528   ----a-w-   C:\WINDOWS\SysWow64\updatepolicy.dll
2017-09-29 07:39:51   364032   ----a-w-   C:\WINDOWS\SysWow64\msIso.dll
2017-09-29 07:38:55   471040   ----a-w-   C:\WINDOWS\SysWow64\TpmCoreProvisioning.dll
2017-09-29 07:38:51   229376   ----a-w-   C:\WINDOWS\SysWow64\scksp.dll
2017-09-29 07:38:35   1135616   ----a-r-   C:\WINDOWS\SysWow64\icuuc.dll
2017-09-29 07:38:18   2671616   ----a-w-   C:\WINDOWS\SysWow64\tquery.dll
2017-09-29 07:38:15   370688   ----a-w-   C:\WINDOWS\SysWow64\FirewallAPI.dll
2017-09-29 07:38:11   463360   ----a-w-   C:\WINDOWS\SysWow64\webio.dll
2017-09-29 07:38:03   5721600   ----a-w-   C:\WINDOWS\SysWow64\BingMaps.dll
2017-09-29 07:38:03   308224   ----a-w-   C:\WINDOWS\SysWow64\cryptngc.dll
2017-09-29 07:37:45   306688   ----a-w-   C:\WINDOWS\SysWow64\Windows.Graphics.dll
2017-09-29 07:37:24   38400   ----a-w-   C:\WINDOWS\SysWow64\TokenBrokerUI.dll
2017-09-29 07:36:58   590336   ----a-w-   C:\WINDOWS\SysWow64\PCPKsp.dll
2017-09-29 07:35:32   3654656   ----a-w-   C:\WINDOWS\SysWow64\jscript9.dll
2017-09-29 07:34:53   6255616   ----a-w-   C:\WINDOWS\SysWow64\Chakra.dll
2017-09-29 07:34:46   434176   ----a-w-   C:\WINDOWS\SysWow64\twinapi.dll
2017-09-29 07:34:29   798720   ----a-w-   C:\WINDOWS\SysWow64\TokenBroker.dll
2017-09-29 07:34:29   3669504   ----a-w-   C:\WINDOWS\System32\win32kfull.sys
.
============= FINISH: 19:11:49.86 ===============

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2423
Hello Vickster3659

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
Before I start, please can you confirm if this machine is a company machine? If so, do you have permission to fix the machine?

Thanks
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2423
Hello Vickster3659

Do you still require my help? If I don't see a reply back within 24 hours I will assume this topic can be closed.

Thanks

Offline Vickster3659

  • Bronze Member
  • Posts: 140
Yes please....I pasted the two scans as requested, however, I will be away until Sunday afternoon.

Offline Vickster3659

  • Bronze Member
  • Posts: 140
Hi Seedy21,  Just read your initial post to my logs.  I am familiar with how this service works, as I have received assistance on a much older computer in the past.  The system I need help with now is not a company machine, it is my personal laptop.
Thanks again, as I mentioned in my previous post, after tonight, I will be away until Sunday afternoon.
Vickster3659

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2423
Hi Vickster3659

Thank you for the confirmation. Let's get the next set of logs:


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File)
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.

Offline Vickster3659

  • Bronze Member
  • Posts: 140
Thank you Seedy21.  For some reason, I no longer receive emails when a reply is added to my post, my email address has not changed.  Please be advised that I may not be able to check for any new posts every day, as my work hours vary at times, but I will check when I can.  I appreciate your assistance!

Here is addition.txt:

CodeIntegrity:
===================================
  Date: 2017-08-14 21:22:49.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N3050 @ 1.60GHz
Percentage of memory in use: 73%
Total physical RAM: 4007.56 MB
Available physical RAM: 1052.99 MB
Total Virtual: 5159.56 MB
Available Virtual: 1623.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.74 GB) (Free:383.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DE328A0D)

Partition: GPT.

==================== End of Addition.txt ============================


Not enough room here for the FRST.txt file, so I'll try in another reply.

Offline Vickster3659

  • Bronze Member
  • Posts: 140
FRST.txt is over the limit of 65000 characters, so I will zip and attach.

Offline Vickster3659

  • Bronze Member
  • Posts: 140
FRST.txt is attached.

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2423
Hi Vickster3659

Thank you for the logs. I will need some time to read through them before I can give you the next steps.

In regards to not getting email from the forum when I post, can you confirm that you have clicked notify at the top right of the topic? Also, have you double checked your Spam folder in case the email is in there?

Thanks

Offline Vickster3659

  • Bronze Member
  • Posts: 140
Thank you Seedy21,
The button at the top says "unnotify" so I assume that I should be getting emails.  I will check my spam folder.  Strange, though, as last time I received help from this forum, I was getting the emails.  I will check back again tomorrow or the next day for any new posts.

Have a great evening!

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2423
Hi Vickster3659

Please let me know if you're still not getting email alerts from Spywarehammer.

Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:

  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:

  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.

  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.

  • Please Copy and Paste the contents of the scan log in your next reply.