[In Progress] Avira suspicious files warning, slow internet
Posted by Kat540 « on: December 17, 2016, 06:33:07 PM »
I have a Win 10 Acer laptop. A few times I've gotten warnings from Avira about suspicious files. I've clicked remove only for more to show up again and again. Sometimes when trying to shut my laptop down it seems to only restart without ever shutting down. I have also been experiencing a slow internet connection that sometimes drops. I'm using wifi but it's also slow sometimes while using a wired connection. I've talked to my ISP and they've said everything seems normal on their end. Here are the logs.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.111.2
Run by Katrina at 16:08:12 on 2016-12-17
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.16307.13205 [GMT -8:00]
.
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\AdminService.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
C:\Program Files\Acer\Acer Quick Access\QASvc.exe
C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Dolby Digital Plus\ddp.exe
C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WinZip\FAHWindow64.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files\WinZip\WZUpdateNotifier.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mStart Page = www.google.com
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
uRun: [Steam] "D:\Steam\steam.exe" -silent
uRun: [MusicManager] "C:\Users\Katrina\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Google Update] C:\Users\Katrina\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
mRun: [Avira System Speedup User Starter] "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
mRun: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
StartupFolder: C:\Users\Katrina\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\zSpeedup.lnk - C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\FAH.lnk - C:\Program Files\WinZip\FAHConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\UPDATE~1.LNK - C:\Program Files\WinZip\WZUpdateNotifier.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINZIP~1.LNK - C:\Program Files\WinZip\WzPreloader.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{15191175-0a54-4bed-a533-06e171fa0513} : DHCPNameServer = 162.150.8.16 162.150.21.16
TCP: Interfaces\{2c2320df-e52a-400d-a653-bca286dc916c} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3bd93821-b9da-451c-ad8f-59b3fe9adb9a} : DHCPNameServer = 192.168.224.1
TCP: Interfaces\{92ab792f-c7fb-4c15-8d71-aa2aba08d94e} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{92ab792f-c7fb-4c15-8d71-aa2aba08d94e}\14355535 : DHCPNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = www.google.com
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered
FF - prefs.js: browser.startup.homepage - hxxps://habitica.com/#/tasks
FF - prefs.js: keyword.URL - true
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Katrina\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\Katrina\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\NPRobloxProxy.dll
FF - plugin: C:\Users\Katrina\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\NPRobloxProxy64.dll
FF - plugin: C:\Users\Katrina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Katrina\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2016-12-17 9728]
R0 avusbflt;avusbflt;C:\WINDOWS\System32\drivers\avusbflt.sys [2016-10-27 28272]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-14 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-22 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-27 227328]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\drivers\avkmgr.sys [2016-10-27 35488]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2016-10-27 476736]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2016-10-27 476736]
R2 AtherosSvc;AtherosSvc;C:\WINDOWS\System32\AdminService.exe [2016-6-25 355760]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\drivers\avgntflt.sys [2016-10-27 151352]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-11-24 350528]
R2 AviraPhantomVPN;Avira Phantom VPN;C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [2016-12-15 300424]
R2 avnetflt;avnetflt;C:\WINDOWS\System32\drivers\avnetflt.sys [2016-10-27 78208]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2014-6-26 2267352]
R2 CDPUserSvc_4eda1;CDPUserSvc_4eda1;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 227904]
R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [2016-12-7 946640]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-11-6 362120]
R2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-7-6 223008]
R2 LMSvc;Launch Manager Service;C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2014-6-10 466664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2016-12-17 188352]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-10-21 462784]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-14 459832]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2016-10-21 1163712]
R2 OneSyncSvc_4eda1;Sync Host_4eda1;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-29 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2016-6-25 610656]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2015-5-14 2573568]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2016-7-16 446464]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 LMDriver;Launch Manager Wireless Driver;C:\WINDOWS\System32\drivers\LMDriver.sys [2013-7-17 21360]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-12-17 46240]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-5-5 46016]
R3 PimIndexMaintenanceSvc_4eda1;Contact Data_4eda1;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 QALSvc;Quick Access Local Service;C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [2015-7-17 395616]
R3 QASvc;Quick Access Service;C:\Program Files\Acer\Acer Quick Access\QASvc.exe [2015-7-17 450400]
R3 Qcamain10x64;Qualcomm Atheros Extensible Wireless LAN 11AC device driver;C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2016-7-16 2336768]
R3 RadioShim;Shim for HID-KMDF Interface layer;C:\WINDOWS\System32\drivers\RadioShim.sys [2013-7-17 14680]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_4eda1;User Data Storage_4eda1;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_4eda1;User Data Access_4eda1;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-29 719360]
R3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2016-10-27 1089592]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2016-10-27 1490296]
S2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-9-20 324224]
S2 SpeedupService;Avira System Speedup;"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe" --> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [?]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2016-7-14 282112]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-27 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2016-1-4 25832]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-7-22 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EasyAntiCheat;EasyAntiCheat;C:\WINDOWS\System32\EasyAntiCheat.exe --> C:\WINDOWS\System32\EasyAntiCheat.exe [?]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-4-24 203344]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-5-6 38296]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-10-15 473864]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-8-12 177376]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 mbamchameleon;mbamchameleon;C:\WINDOWS\System32\drivers\mbamchameleon.sys [2016-4-15 140672]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_4eda1;MessagingService_4eda1;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-10-21 462784]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-11-25 27584]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\WINDOWS\System32\drivers\qcusbser.sys [2016-3-24 252432]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUVStor.sys [2015-1-29 331992]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-22 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-7-22 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-29 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 UEIPSvc;User Experience Improvement Program;C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [2014-6-23 233216]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_4eda1;Windows Push Notifications User Service_4eda1;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-9 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-22 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2016-12-17 18:14:52   549624   ----a-w-   C:\WINDOWS\System32\drivers\EasyAntiCheat.sys
2016-12-17 09:09:13   --------   d-----w-   C:\Users\Katrina\AppData\Roaming\NVIDIA
2016-12-17 04:45:45   --------   d-----w-   C:\Users\Katrina\AppData\Roaming\GameSparks
2016-12-17 04:45:29   --------   d-----w-   C:\Users\Katrina\AppData\Roaming\RELAY
2016-12-17 04:45:28   --------   d-----w-   C:\Users\Katrina\.aws
2016-12-17 04:45:17   --------   d-----w-   C:\Users\Katrina\AppData\Roaming\AGS
2016-12-17 03:36:52   --------   d-----w-   C:\ProgramData\Twitch
2016-12-17 03:36:47   --------   d-----w-   C:\Users\Katrina\AppData\Roaming\Twitch
2016-12-15 07:40:07   942528   ----a-w-   C:\WINDOWS\System32\NvIFR64.dll
2016-12-13 18:32:03   8168000   ----a-w-   C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-12-13 18:31:59   956416   ----a-w-   C:\WINDOWS\System32\AppXDeploymentExtensions.desktop.dll
2016-12-11 07:49:01   395024   ----a-w-   C:\WINDOWS\SysWow64\EasyAntiCheat.exe
2016-12-10 22:12:01   --------   d-----w-   C:\ProgramData\UniqueId
2016-12-10 22:11:40   --------   d-----w-   C:\Users\Katrina\AppData\Local\WinZip
2016-12-10 21:42:00   --------   d-----w-   C:\ProgramData\MEGAsync
2016-12-10 20:26:45   --------   d-----w-   C:\Users\Katrina\AppData\Local\MEGAsync
2016-12-09 20:04:59   870912   ----a-w-   C:\WINDOWS\System32\msdtcprx.dll
2016-12-07 09:04:16   2051024   ----a-w-   C:\WINDOWS\SysWow64\GIMEJa.ime
2016-12-07 09:04:14   2414544   ----a-w-   C:\WINDOWS\System32\GIMEJa.ime
2016-11-25 21:41:45   91584   ----a-w-   C:\WINDOWS\SysWow64\nvaudcap32v.dll
2016-11-25 21:41:45   101824   ----a-w-   C:\WINDOWS\System32\nvaudcap64v.dll
2016-11-25 19:23:59   83736   ----a-w-   C:\WINDOWS\System32\xinput1_2.dll
2016-11-18 18:03:06   41928   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\IA2Marshal.dll
.
==================== Find3M ====================
.
2016-12-18 00:04:54   180   ----a-w-   C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-15 15:22:30   28272   ----a-w-   C:\WINDOWS\System32\drivers\avusbflt.sys
2016-12-15 15:22:29   151352   ----a-w-   C:\WINDOWS\System32\drivers\avgntflt.sys
2016-12-11 23:56:25   835576   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-11 23:56:25   177656   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-11 18:47:50   1951   ----a-w-   C:\WINDOWS\NvContainerRecovery.bat
2016-12-11 18:47:44   6384576   ----a-w-   C:\WINDOWS\System32\nvcpl.dll
2016-12-11 18:47:44   2475968   ----a-w-   C:\WINDOWS\System32\nvsvc64.dll
2016-12-11 18:47:42   81856   ----a-w-   C:\WINDOWS\System32\nv3dappshextr.dll
2016-12-11 18:47:42   71224   ----a-w-   C:\WINDOWS\System32\nvshext.dll
2016-12-11 18:47:42   548408   ----a-w-   C:\WINDOWS\System32\nv3dappshext.dll
2016-12-11 18:47:42   392128   ----a-w-   C:\WINDOWS\System32\nvmctray.dll
2016-12-11 18:47:42   1764408   ----a-w-   C:\WINDOWS\System32\nvsvcr.dll
2016-12-11 04:41:07   192216   ----a-w-   C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-12-09 19:23:29   180224   ----a-w-   C:\WINDOWS\System32\enrollmentapi.dll
2016-12-09 10:42:15   1637728   ----a-w-   C:\WINDOWS\System32\appraiser.dll
2016-12-09 10:42:14   137568   ----a-w-   C:\WINDOWS\System32\acmigration.dll
2016-12-09 10:34:34   894096   ----a-w-   C:\WINDOWS\System32\winresume.exe
2016-12-09 10:34:34   1051112   ----a-w-   C:\WINDOWS\System32\winresume.efi
2016-12-09 10:33:26   1354320   ----a-w-   C:\WINDOWS\System32\winload.efi
2016-12-09 10:33:26   1173496   ----a-w-   C:\WINDOWS\System32\winload.exe
2016-12-09 10:32:11   7816032   ----a-w-   C:\WINDOWS\System32\ntoskrnl.exe
2016-12-09 10:30:39   377184   ----a-w-   C:\WINDOWS\System32\drivers\clfs.sys
2016-12-09 10:29:23   2681200   ----a-w-   C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-09 10:28:24   764392   ----a-w-   C:\WINDOWS\System32\CoreMessaging.dll
2016-12-09 10:27:38   172528   ----a-w-   C:\WINDOWS\System32\sspicli.dll
2016-12-09 10:20:21   2677544   ----a-w-   C:\WINDOWS\System32\d3d10warp.dll
2016-12-09 10:20:20   2189664   ----a-w-   C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-12-09 10:20:16   658784   ----a-w-   C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-12-09 10:20:13   402272   ----a-w-   C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-12-09 10:20:12   1738560   ----a-w-   C:\WINDOWS\System32\WindowsCodecs.dll
2016-12-09 10:19:35   1293152   ----a-w-   C:\WINDOWS\System32\LicenseManager.dll
2016-12-09 10:19:21   168424   ----a-w-   C:\WINDOWS\System32\bcrypt.dll
2016-12-09 10:18:47   624048   ----a-w-   C:\WINDOWS\System32\drivers\cng.sys
2016-12-09 10:18:21   2913144   ----a-w-   C:\WINDOWS\System32\combase.dll
2016-12-09 10:18:16   1100128   ----a-w-   C:\WINDOWS\System32\hvix64.exe
2016-12-09 10:18:15   1267512   ----a-w-   C:\WINDOWS\System32\WinTypes.dll
2016-12-09 10:18:14   811872   ----a-w-   C:\WINDOWS\System32\hvloader.exe
2016-12-09 10:18:12   947552   ----a-w-   C:\WINDOWS\System32\hvloader.efi
2016-12-09 10:18:09   989024   ----a-w-   C:\WINDOWS\System32\hvax64.exe
2016-12-09 10:15:18   1988560   ----a-w-   C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-09 10:14:50   1274712   ----a-w-   C:\WINDOWS\System32\ole32.dll
2016-12-09 10:14:33   241504   ----a-w-   C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-09 10:11:15   2048496   ----a-w-   C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-12-09 10:10:58   1461200   ----a-w-   C:\WINDOWS\System32\user32.dll
2016-12-09 10:10:40   1572768   ----a-w-   C:\WINDOWS\System32\gdi32full.dll
2016-12-09 10:09:27   455520   ----a-w-   C:\WINDOWS\System32\securekernel.exe
2016-12-09 10:01:59   2323728   ----a-w-   C:\WINDOWS\SysWow64\d3d10warp.dll
2016-12-09 10:01:43   1503544   ----a-w-   C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-12-09 10:01:08   861024   ----a-w-   C:\WINDOWS\SysWow64\LicenseManager.dll
2016-12-09 10:00:58   106896   ----a-w-   C:\WINDOWS\SysWow64\bcrypt.dll
2016-12-09 09:59:25   846560   ----a-w-   C:\WINDOWS\SysWow64\WinTypes.dll
2016-12-09 09:59:24   2166752   ----a-w-   C:\WINDOWS\SysWow64\combase.dll
2016-12-09 09:57:01   1852720   ----a-w-   C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-09 09:57:00   6668040   ----a-w-   C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-12-09 09:56:15   959112   ----a-w-   C:\WINDOWS\SysWow64\ole32.dll
2016-12-09 09:52:21   1435896   ----a-w-   C:\WINDOWS\SysWow64\user32.dll
2016-12-09 09:52:21   1415752   ----a-w-   C:\WINDOWS\SysWow64\gdi32full.dll
2016-12-09 09:51:08   117240   ----a-w-   C:\WINDOWS\SysWow64\sspicli.dll
2016-12-09 09:47:29   22563328   ----a-w-   C:\WINDOWS\System32\edgehtml.dll
2016-12-09 09:45:47   40448   ----a-w-   C:\WINDOWS\System32\WordBreakers.dll
2016-12-09 09:45:43   206848   ----a-w-   C:\WINDOWS\System32\win32k.sys
2016-12-09 09:42:29   227328   ----a-w-   C:\WINDOWS\System32\cdd.dll
2016-12-09 09:41:22   380928   ----a-w-   C:\WINDOWS\System32\wincorlib.dll
2016-12-09 09:41:06   32768   ----a-w-   C:\WINDOWS\SysWow64\WordBreakers.dll
2016-12-09 09:40:38   147968   ----a-w-   C:\WINDOWS\SysWow64\win32k.sys
2016-12-09 09:38:39   324608   ----a-w-   C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:37:29   261632   ----a-w-   C:\WINDOWS\System32\indexeddbserver.dll
2016-12-09 09:37:10   411136   ----a-w-   C:\WINDOWS\System32\facecredentialprovider.dll
2016-12-09 09:37:01   49152   ----a-w-   C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-09 09:36:56   425984   ----a-w-   C:\WINDOWS\System32\aadcloudap.dll
2016-12-09 09:36:32   410112   ----a-w-   C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-12-09 09:36:09   3059200   ----a-w-   C:\WINDOWS\System32\msi.dll
2016-12-09 09:36:05   231936   ----a-w-   C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:36:02   6285312   ----a-w-   C:\WINDOWS\System32\Windows.Media.dll
2016-12-09 09:34:52   822784   ----a-w-   C:\WINDOWS\SysWow64\Chakradiag.dll
2016-12-09 09:34:31   288768   ----a-w-   C:\WINDOWS\SysWow64\wincorlib.dll
2016-12-09 09:33:42   3777536   ----a-w-   C:\WINDOWS\System32\MFMediaEngine.dll
2016-12-09 09:33:37   1589760   ----a-w-   C:\WINDOWS\System32\msdtctm.dll
2016-12-09 09:32:18   635904   ----a-w-   C:\WINDOWS\SysWow64\jscript9diag.dll
2016-12-09 09:31:22   3689984   ----a-w-   C:\WINDOWS\SysWow64\msi.dll
2016-12-09 09:31:20   198656   ----a-w-   C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-09 09:31:11   313856   ----a-w-   C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2016-12-09 09:30:32   19413504   ----a-w-   C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-09 09:30:31   4612608   ----a-w-   C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-09 09:29:51   4749312   ----a-w-   C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-09 09:28:55   1004544   ----a-w-   C:\WINDOWS\System32\enterprisecsps.dll
2016-12-09 09:28:12   3306496   ----a-w-   C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-12-09 09:27:55   5114368   ----a-w-   C:\WINDOWS\System32\cdp.dll
2016-12-09 09:27:36   981504   ----a-w-   C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 09:26:32   8129536   ----a-w-   C:\WINDOWS\System32\Chakra.dll
2016-12-09 09:26:01   1692672   ----a-w-   C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-09 09:25:28   376832   ----a-w-   C:\WINDOWS\System32\CryptoWinRT.dll
2016-12-09 09:24:21   2275840   ----a-w-   C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-09 09:22:27   1490944   ----a-w-   C:\WINDOWS\System32\lsasrv.dll
2016-12-09 09:22:06   2820096   ----a-w-   C:\WINDOWS\System32\InputService.dll
2016-12-09 09:22:02   2688512   ----a-w-   C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-09 09:21:48   4746752   ----a-w-   C:\WINDOWS\System32\jscript9.dll
2016-12-09 09:21:42   3616768   ----a-w-   C:\WINDOWS\System32\win32kfull.sys
2016-12-09 09:21:31   1512960   ----a-w-   C:\WINDOWS\System32\win32kbase.sys
.
============= FINISH: 16:08:34.67 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume2
Install Date: 9/22/2016 9:55:08 AM
System Uptime: 12/17/2016 4:03:56 PM (0 hours ago)
.
Motherboard: Acer | | Aspire VN7-791
Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz | U3E1 | 2500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 112.95 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 582.757 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP29: 12/13/2016 10:56:36 AM - Windows Update
RP30: 12/16/2016 7:34:45 PM - Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
.
==== Installed Programs ======================
.
 DriverSetupUtility
7-Zip 16.02 (x64)
abDocs
abDocs Office AddIn
abFiles
abMusic
abPhoto
Acer Care Center
Acer Explorer Agent
Acer Launch Manager
Acer Portal
Acer Power Management
Acer Quick Access
Acer User Experience Improvement Program App Monitor Plugin
Acer User Experience Improvement Program Framework
Acer Video Player
Adobe Acrobat Reader DC
Adobe Flash Player 24 NPAPI
Adobe Refresh Manager
Aloha TriPeaks
Anki
Ansel
AOP Framework
Avira Antivirus
Avira Connect
Avira Phantom VPN
Bejeweled 2 Deluxe
Brawlhalla
Breakaway
Broadcom NetLink Controller
Brother MFL-Pro Suite MFC-J870DW
Brother Product Research and Support Program
CyberLink PhotoDirector 3
CyberLink PowerDirector 10
CyberLink PowerDVD 12
Democracy 3
Discord
Dolby Digital Plus Home Theater
Dota 2
Dual-Core Optimizer
eBay Worldwide
Everlasting Summer
f.lux
Farm to Fork Collector's Edition
Foxit PhantomPDF
Free to Play
Game Explorer Categories - genres
Game Explorer Categories - main
Ghost in the Shell: Stand Alone Complex - First Assault Online
Google ?????
Google Chrome
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
Hero Siege
Heroes of the Storm
Hi-Rez Studios Authenticate and Update Service
HiPatch
Intel(R) Chipset Device Software
Intel(R) Management Engine Components
Intel(R) ME UninstallLegacy
Intel(R) Processor Graphics
Intel(R) Update Manager
Intel® Security Assist
Intel® Trusted Connect Service Client
Java 8 Update 111
Java Auto Updater
Jewel Match 3
King Oddball
League of Legends
LibreOffice 5.1.1.3
LUXOR Evolved
Magic Academy
McAfee WebAdvisor
MEGAsync
Microsoft ASP.NET MVC 4 Runtime
Microsoft Office
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212
Moonbase Alpha
Mozilla Firefox 49.0.2 (x86 en-US)
Mozilla Maintenance Service
Music Manager
Nexon Game Manager
NVIDIA Backend
NVIDIA Container
NVIDIA Control Panel 376.33
NVIDIA Display Container
NVIDIA Display Container LS
NVIDIA Elevated User Container
NVIDIA GeForce Experience 3.1.2.31
NVIDIA Graphics Driver 376.33
NVIDIA Install Application
NVIDIA LocalSystem Container
NVIDIA Message Bus for NvContainer
NVIDIA NetworkService Container
NVIDIA Optimus Update 2.13.0.21
NVIDIA PhysX System Software 9.16.0318
NVIDIA ShadowPlay 2.13.0.21
Nvidia Share
NVIDIA Update 2.13.0.21
NVIDIA Update Core
NVIDIA User Container
NVIDIA Virtual Audio 3.40.1
NVIDIA Watchdog Plugin for NvContainer
NVIDIA Wireless Controller Service
NvNodejs
NvTelemetry
Overwatch
Paladins
Path of Exile
PDFBinder
Peggle Nights
Phantom Breaker: Battle Grounds
Plants vs. Zombies - Game of the Year
Polar Bowler 1st Frame
Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer
Realm of the Mad God
Realtek Card Reader
Realtek High Definition Audio Driver
ROBLOX Player
ROBLOX Player for Katrina
RoboForm 7-9-25-5 (All Users)
SHIELD Streaming
SHIELD Wireless Controller Driver
Sid Meier's Civilization V
Skype™ 7.30
Skyperious 3.5
Spotify
Steam
TERA
The Chronicles of Emerland Solitaire
Trinklit Supreme
Twitch Launcher
Update Installer for WildTangent Games App
Vulkan Run Time Libraries 1.0.26.0
WildTangent Games
WildTangent Games App
WinZip 21.0
Word Search Creator 1.0
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/17/2016 4:06:14 PM, Error: Service Control Manager [7023] - The Connected Devices Platform Service service terminated with the following error: Unspecified error
12/17/2016 4:04:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
12/17/2016 4:04:03 PM, Error: Service Control Manager [7000] - The SpeedupService service failed to start due to the following error: The system cannot find the file specified.
12/17/2016 10:34:48 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
12/14/2016 11:43:10 PM, Error: Service Control Manager [7034] - The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).
12/13/2016 10:14:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/13/2016 10:14:29 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2016 6:45:28 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{43d945af-c2b6-4b7d-9b8b-595dd723786e}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9A83F4EF-BFE3-4CFE-9C84-7ADF7C5DE9EA}' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================

Thank you for your help.
« Last Edit: March 15, 2017, 12:36:40 PM by negster22 »
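The Created Last 30 and Find3M listings in the log above are what the helpers read by hand when deciding which files to ask about. As an added example (not part of this thread or of DDS), here is a small Python parser for those two sections plus a triage step that sorts entries into review queues: GUID-named files, scripts under C:\WINDOWS, drivers written shortly before the scan, and executables under a user profile. The queue rules are my own heuristics for where to look first, not verdicts; the sample input is built from lines in the log above plus one constructed entry, and the scan time is assumed to be UTC because the listing's file times run past the local scan time shown in the log.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# One DDS file line looks like this (columns: time, size, attribute flags, path):
#   2016-12-17 18:14:52   549624   ----a-w-   C:\WINDOWS\System32\drivers\EasyAntiCheat.sys
# Directories show "--------" in the size column and a leading "d" in the flags.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[d-][\w-]{7})\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)
# File name that is nothing but a {GUID} plus an extension.
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}\."
)
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
BINARY_EXTS = {".exe", ".dll", ".sys", ".cpl", ".ime", ".scr"}

Entry = namedtuple("Entry", "timestamp size is_dir attrs path")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def extension(path):
    name = basename(path)
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def parse_dds_listing(text):
    """Turn the file lines of a DDS log into Entry tuples. Section headers,
    '.' spacer lines and anything else not in the column layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        is_dir = m.group("attrs").startswith("d") or m.group("size") == "--------"
        size = 0 if is_dir else int(m.group("size"))
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(ts, size, is_dir, m.group("attrs"), m.group("path")))
    return entries


def triage(entries, scan_time, recent=timedelta(hours=24)):
    """Sort parsed file entries into review queues. Every queue can contain
    benign files; the point is ordering the manual review, not judging it."""
    queues = {"guid_named": [], "scripts_in_windows": [],
              "recent_drivers": [], "user_profile_binaries": []}
    for e in entries:
        if e.is_dir:
            continue
        low, ext = e.path.lower(), extension(e.path)
        if GUID_RE.match(basename(e.path)):
            queues["guid_named"].append(e)
        if ext in SCRIPT_EXTS and low.startswith("c:\\windows\\"):
            queues["scripts_in_windows"].append(e)
        if ext == ".sys" and "\\drivers\\" in low and scan_time - e.timestamp <= recent:
            queues["recent_drivers"].append(e)
        if ext in BINARY_EXTS and low.startswith("c:\\users\\"):
            queues["user_profile_binaries"].append(e)
    return queues


# Sample input: lines taken from the DDS log in this thread, plus one constructed
# entry (the last line) so the user-profile queue has something to show.
SAMPLE_LOG = r"""=============== Created Last 30 ================
.
2016-12-17 18:14:52   549624   ----a-w-   C:\WINDOWS\System32\drivers\EasyAntiCheat.sys
2016-12-17 09:09:13   --------   d-----w-   C:\Users\Katrina\AppData\Roaming\NVIDIA
2016-12-11 07:49:01   395024   ----a-w-   C:\WINDOWS\SysWow64\EasyAntiCheat.exe
2016-11-18 18:03:06   41928   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\IA2Marshal.dll
.
==================== Find3M ====================
.
2016-12-18 00:04:54   180   ----a-w-   C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-15 15:22:30   28272   ----a-w-   C:\WINDOWS\System32\drivers\avusbflt.sys
2016-12-11 18:47:50   1951   ----a-w-   C:\WINDOWS\NvContainerRecovery.bat
2016-12-09 10:32:11   7816032   ----a-w-   C:\WINDOWS\System32\ntoskrnl.exe
2016-12-16 21:00:00   40960   ----a-w-   C:\Users\Katrina\AppData\Roaming\HAPOHO~1\SYNHEL~1.EXE
"""

# Assumed: the scan ran at 16:08:12 local (GMT -8), i.e. 00:08:12 UTC on 2016-12-18,
# and the listing's file times are UTC (they run past the local scan time otherwise).
SCAN_TIME_UTC = datetime(2016, 12, 18, 0, 8, 12)


def run_sample():
    """Parse the sample log and return the review queues for it."""
    return triage(parse_dds_listing(SAMPLE_LOG), SCAN_TIME_UTC)


if __name__ == "__main__":
    for name, items in run_sample().items():
        print(name)
        for e in items:
            print("   ", e.timestamp, e.size, e.path)
```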



Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #1 on: December 18, 2016, 09:38:08 AM »


 Hello Kat540,  :)

  I am Platypuss; I will be helping you with your problem.
   
Before we begin, please follow my simple rules:
  • If you do not understand any instructions, Stop & Ask; do not risk creating further problems.
  • Please do not run any tools unless instructed to do so, because it may well cause unforeseen damage to your machine.
  • It may help you to print out my instructions, so that mistakes are not made.
  • I am a trainee here but my instructions are checked by my mentor; there may be some delay, but you will get a high quality of service.
  • Malware removal is frequently complex; it takes time to analyse logs, please be patient.
  • I will advise you as soon as your computer is clean; until then it may still be infected!
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Change Downloads to Desktop

How to change your download location to Desktop HERE

Google Chrome -
  • Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
  • Choose Settings. At the bottom of the screen click the "Show advanced settings..." link.
  • Scroll down to find the Downloads section and click the Change... button.
  • Select your desktop and click OK.
Mozilla Firefox -
  • Click the "Open Menu" button in the upper right-corner of the browser.
  • Choose Options. In the Downloads section, click the Browse button,
  • click on the Desktop folder and then click the "Select Folder" button.
  • Click OK to get out of the Options menu.
Internet Explorer -
  • Click the Tools menu in the upper right-corner of the browser. Select View downloads.
  • Select the Options link in the lower left of the window. Click Browse and select the Desktop.
  • Then choose the Select Folder button. Click OK to get out of the download options screen.
  • Now click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
NEXT
Download Malwarebytes Anti-Malware to your desktop, HERE
Choose the Free Download & follow prompts to install the program.
A 14 day trial of the premium features is pre-selected & will revert to the free edition at end of period.

 
• On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".

• Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware

• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.

• A Threat Scan will begin.
• With some infections, you may or may not see this message box.
'Could not load DDA driver'
• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions.

• Wait for the prompt to restart the computer to appear, then click on Yes.

• After the restart once you are back at your desktop, open MBAM once more.

To get the log from your MBAM do the following:

• Click on the History tab > Application Logs.

• Double click on the scan log which shows the Date and time of the scan just performed.
• Click Export  > From export you have three options:

 [1] Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
 [2] Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
 [3] XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

• Recommend you use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply.
>>>>>>>>>>>>

NEXT

  Download & run Farbar Recovery Scan Tool (FRST) & save to your Desktop.
 

Note: you need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.
       
  • Press Scan button.
       
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
       
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If you lose sight of them, they will be saved in the same location as FRST64.exe.
>>>>>>>>>>>>>>>>>>>>>>>>>

I need MBAM & both FRST logs please.
>>>>>>>>>>>>>>>>>>>>>>>>>
Platypuss





Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #2 on: December 18, 2016, 01:37:01 PM »
Thank you for your help. I had Malwarebytes installed already. I forgot I also ran Malwarebytes a week ago, on the 11th, and it found PUPs, but it didn't seem to find anything this time. I tried to copy and paste the FRST file but it said "The message exceeds the maximum allowed length", so I attached it instead. I'll try copying and pasting it in a separate reply. Thank you again for your help.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/18/2016
Scan Time: 9:43 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.18.04
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Katrina

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327757
Time Elapsed: 9 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)





Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #3 on: December 20, 2016, 09:21:09 AM »


 
Quote
I tried to copy and paste the FRST file but it said "The message exceeds the maximum allowed length" so I attached it instead.

I would be grateful if you could Copy/Paste logs into your replies please, because when they are attached I am unable to use certain diagnostic tools.
I suggest that you separate the logs & use two (or more) replies as necessary  :)

My instructions to continue will be in my next post.
Platypuss

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #4 on: December 20, 2016, 10:15:31 AM »


 

     
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Code:
Create Restore Point:
Close Processes:

File:C:\WINDOWS\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}.job
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
Task: {182F41E3-968D-4727-BF5C-71FED341BE54} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {1C31A699-F2F7-4D3E-822A-7E8A484EFF1C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1D69CABA-4DFC-4BE4-854F-405C7211EB27} - System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => C:\Users\Katrina\AppData\Roaming\HAPOHO~1\SYNHEL~1.EXE <==== ATTENTION
Task: {32496C8E-C9EC-417B-9483-1B004AEF6541} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7FEC40BC-2AE1-42FA-B83F-39DDACB1C31C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKMJMMJLMGMMJIMMJCNHMLMPMHMCNLMGMJMNJCNHMHMLMOJCNMJJMHMNJIMMJJJMJKMOJNMNMJNJICMIMCNGMCNNMKMFMOMOMCNLMLMIMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMOMFMEKMICNJJCKFMNMKMLMJNHICMEKMICNJJCKJNBJCMELOJLINIGJBJOJJNKJCMJNNICMJNDJCMKJ (the data entry has 57 more characters).
Task: {B35D8531-6FD5-4E67-861C-50A1059C5E51} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C1D075BC-3675-471D-AE45-4486725265AE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FA644C8B-FFD0-4183-AE96-404AC716876E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FC9C74A4-2C5F-4934-84B0-1CEAEF0C3B6B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FF784C87-28A6-4E46-9101-69AD1896CA17} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}.job =>
IE trusted site: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...loc\alhost -> localhost
Cmd:Replace:R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
Cmd:Replace:S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
Cmd:Replace:U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]
Cmd:Replace:S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
Task: C:\WINDOWS\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}.job =>

Cmd: ipconfig /flushdns
Empty temp:
reboot


2. Save notepad as fixlist.txt to your Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about an outdated version, please download and run the updated version.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

NEXT

Please download & run as Administrator AdwCleaner & save to your desktop.
How to Run As Administrator (using the search box there).

  • Close your browser and double click the AdwCleaner icon on your desktop.
  • Click on the Scan in the Actions box.
  • Please wait for the scan to finish.
  • When "Waiting for action.Please uncheck elements you want to keep" shows in the top line, click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot.
  • After restart the AdwCleaner(C*)-Notepad log will appear; please copy/paste it in your next reply.
  • If you lose track of the log, it is saved in this folder: C:\AdwCleaner\

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
NOTE: Please make sure you are using the AdwCleaner distributed by the legitimate vendor, Malwarebytes.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

NEXT
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts (instructions HERE).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
>>>>>>>>>>>>>>>>>>>>>>>


I need the Fixlist.txt, AdwCleaner log & JRT.txt please.

How is your Computer behaving now ?

Platypuss
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #5 on: December 20, 2016, 01:59:05 PM »
Thank you! My PC seems to be running better now. You said to attach the fixlog.txt to my reply but I'm not sure if you meant to copy and paste it instead. I'll make another reply with it.

# AdwCleaner v6.041 - Logfile created 20/12/2016 at 10:59:26
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-19.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Katrina - TRINA-PC
# Running from : C:\Users\Katrina\Desktop\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files\DriverSetupUtility
[-] Folder deleted: C:\ProgramData\DriverSetupUtility
Folder deleted on reboot: C:\ProgramData\Application Data\DriverSetupUtility
[-] Folder deleted: C:\Users\Public\Pokki


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] File deleted: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll
[-] File deleted: C:\WINDOWS\SysWoW64\LavasoftTcpServiceOff.ini
[-] File deleted: C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi
[-] File deleted: C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\searchplugins\bing-lavasoft.xml
[-] File deleted: C:\searchplugins\bing-lavasoft.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Katrina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk


***** [ Scheduled Tasks ] *****

[-] Task deleted: Software Update Application


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key deleted: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\Software\AppDataLow\Software\adawarebp
Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[-] Value deleted: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Value deleted: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.newtabpage.url" -  "hxxp://www.bing.com/?pc=COSP&ptag=D061816-A4051B2AE3CDF42EAB2F&form=CONMHP&conlogo=CT3329381"
[-] Chrome preferences cleaned: "browser.search.defaultenginename" -  "Yahoo! Powered"
[-] Chrome preferences cleaned: "browser.search.selectedEngine" -  "Yahoo! Powered"
[-] [C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2034 Bytes] - [17/06/2016 08:33:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [3933 Bytes] - [17/06/2016 20:27:33]
C:\AdwCleaner\AdwCleaner[C3].txt - [3562 Bytes] - [17/06/2016 23:37:14]
C:\AdwCleaner\AdwCleaner[C4].txt - [9051 Bytes] - [20/12/2016 10:59:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [2451 Bytes] - [17/06/2016 07:53:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [1522 Bytes] - [17/06/2016 08:05:20]
C:\AdwCleaner\AdwCleaner[S3].txt - [1991 Bytes] - [17/06/2016 08:10:05]
C:\AdwCleaner\AdwCleaner[S4].txt - [2064 Bytes] - [17/06/2016 08:16:24]
C:\AdwCleaner\AdwCleaner[S5].txt - [4091 Bytes] - [17/06/2016 20:24:23]
C:\AdwCleaner\AdwCleaner[S6].txt - [3150 Bytes] - [17/06/2016 23:36:00]
C:\AdwCleaner\AdwCleaner[S7].txt - [9386 Bytes] - [20/12/2016 10:52:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [9635 Bytes] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Katrina (Administrator) on Tue 12/20/2016 at 11:07:22.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\Avira System Speedup Tray (Task)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CE73D96-60F5-4725-B57C-E6DBCC21EAB7} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/20/2016 at 11:08:34.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #6 on: December 20, 2016, 01:59:51 PM »
Here is the fixlog.txt file copied and pasted

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by Katrina (20-12-2016 10:47:28) Run:1
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Create Restore Point:
Close Processes:

File:C:\WINDOWS\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}.job
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.2CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File9.5\psuser_64.dll => No File
Task: {182F41E3-968D-4727-BF5C-71FED341BE54} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {1C31A699-F2F7-4D3E-822A-7E8A484EFF1C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTIONTask: {1D69CABA-4DFC-4BE4-854F-405C7211EB27} - System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => C:\Users\Katrina\AppData\Roaming\HAPOHO~1\SYNHEL~1.EXE <==== ATTENTION
Task: {32496C8E-C9EC-417B-9483-1B004AEF6541} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7FEC40BC-2AE1-42FA-B83F-39DDACB1C31C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKMJMMJLMGMMJIMMJCNHMLMPMHMCNLMGMJMNJCNHMHMLMOJCNMJJMHMNJIMMJJJMJKMOJNMNMJNJICMIMCNGMCNNMKMFMOMOMCNLMLMIMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMOMFMEKMICNJJCKFMNMKMLMJNHICMEKMICNJJCKJNBJCMELOJLINIGJBJOJJNKJCMJNNICMJNDJCMKJ (the data entry has 57 more characters).
Task: {B35D8531-6FD5-4E67-861C-50A1059C5E51} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C1D075BC-3675-471D-AE45-4486725265AE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FA644C8B-FFD0-4183-AE96-404AC716876E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FC9C74A4-2C5F-4934-84B0-1CEAEF0C3B6B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FF784C87-28A6-4E46-9101-69AD1896CA17} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}.job =>
IE trusted site: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...loc\alhost -> localhost
Cmd:Replace:R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
Cmd:Replace:S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
Cmd:Replace:U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]
Cmd:Replace:S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
Task: C:\WINDOWS\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}.job =>

Cmd: ipconfig /flushdns
Empty temp:
reboot
*****************

Create Restore Point: => Error: No automatic fix found for this entry.
Processes closed successfully.

========================= File:C:\WINDOWS\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}.job ========================

File not signed
MD5: F5C60136449DB2003792F0BFF76C244E
Creation and modification date: 2016-12-10 14:11 - 2016-12-11 06:35
Size: 0000300
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.2CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key not found.
"HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{182F41E3-968D-4727-BF5C-71FED341BE54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{182F41E3-968D-4727-BF5C-71FED341BE54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C31A699-F2F7-4D3E-822A-7E8A484EFF1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C31A699-F2F7-4D3E-822A-7E8A484EFF1C}" => key removed successfully
C:\WINDOWS\\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTIONTask: {1D69CABA-4DFC-4BE4-854F-405C7211EB27} - System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeTask: {1C31A699-F2F7-4D3E-822A-7E8A484EFF1C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION\{0A27B7C3-0F46-397A-F326-20F828995527} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32496C8E-C9EC-417B-9483-1B004AEF6541}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32496C8E-C9EC-417B-9483-1B004AEF6541}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FEC40BC-2AE1-42FA-B83F-39DDACB1C31C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FEC40BC-2AE1-42FA-B83F-39DDACB1C31C}" => key removed successfully
C:\WINDOWS\System32\Tasks\Open URL by RoboForm => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B35D8531-6FD5-4E67-861C-50A1059C5E51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B35D8531-6FD5-4E67-861C-50A1059C5E51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1D075BC-3675-471D-AE45-4486725265AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1D075BC-3675-471D-AE45-4486725265AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA644C8B-FFD0-4183-AE96-404AC716876E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA644C8B-FFD0-4183-AE96-404AC716876E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC9C74A4-2C5F-4934-84B0-1CEAEF0C3B6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC9C74A4-2C5F-4934-84B0-1CEAEF0C3B6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF784C87-28A6-4E46-9101-69AD1896CA17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF784C87-28A6-4E46-9101-69AD1896CA17}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\WINDOWS\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}.job => moved successfully
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alhost => key not found.

========= Replace:R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] =========

The filename, directory name, or volume label syntax is incorrect.

========= End of CMD: =========


========= Replace:S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] =========

The filename, directory name, or volume label syntax is incorrect.

========= End of CMD: =========


========= Replace:U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed] =========

The filename, directory name, or volume label syntax is incorrect.

========= End of CMD: =========


========= Replace:S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed] =========

The filename, directory name, or volume label syntax is incorrect.

========= End of CMD: =========

C:\WINDOWS\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}.job => not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

reboot => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 569589 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 87277624 B
Java, Flash, Steam htmlcache => 708037855 B
Windows/system/drivers => 3482920 B
Edge => 16847556 B
Chrome => 970752 B
Firefox => 402326405 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18248286 B
NetworkService => 55532 B
Katrina => 1429184333 B

RecycleBin => 795543 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:47:51 ====

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #7 on: December 21, 2016, 12:10:29 PM »

 
Thanks for the logs. A further check please:-

Please scan your computer with ESET Online Scanner.
It may take a long time to run; it is very thorough. Do not use your computer whilst your antivirus is disabled.

NOTE: ESET Online Scanner can be run from Internet Explorer, Firefox, or Chrome.
If using Firefox or Chrome, you will need to download a small utility.
Double-click esetsmartinstaller_enu.exe to run it.

  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
  • Close all your programs and browsers.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan (instructions HERE).
  • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
      • Enable detection of potentially unsafe applications
      • Enable Anti-Stealth technology
      • Ensure Remove found threats is unchecked
      • Scan archives
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.
Copy the contents of the log and paste it in your next reply please.
>>>>>>>>>>>>>>>>>>>>>>>>>
Platypuss
 

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #8 on: December 21, 2016, 09:53:05 PM »
The scanner didn't really give me the option to export, but it did have the option to copy to clipboard or save to text file. This is what was in the txt file:

C:\Windows\Installer\22d242.msi   a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application   

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #9 on: December 22, 2016, 12:41:26 PM »

That needs to be removed totally & Eset run again.
So remove any folders referring to ESET on your Desktop.
Please follow the revised instructions carefully:-



   
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions HERE.
Please visit the ESET Online Scanner website (link HERE).

Click Run ESET Online Scanner there.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of the add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe from the link you'll be given.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:
  • Make sure that Remove found threats is checked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under Enable Stealth Technology select "Change" and select any extra drives in that window.
  • Click Start.
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Alternatively, if threats were found, click on "List of found threats" then click Export to text file.
  • Save it to your Desktop, then please copy and paste that log as a reply to this topic.
Platypuss
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #10 on: December 23, 2016, 12:38:04 AM »
I ran ESET scanner, it removed the file. I can't find the file in the location you describe. I did try to search and I found an ESET file in another area but I couldn't find a log file in it.

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #11 on: December 23, 2016, 03:32:42 AM »
One other thing I forgot to mention, because it doesn't do it all the time, is that sometimes it heats up. It especially happens while playing games. I'm not sure if it has to do with other programs running in the background. I've tried closing programs that show in the task bar but it still gets hot. I always keep my laptop elevated on its box or a table.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #12 on: December 24, 2016, 03:54:56 AM »
Kat540, I will reply shortly.
Can you give me details of how the computer is running now?
Have the original symptoms disappeared?
Platypuss

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #13 on: December 27, 2016, 04:46:02 AM »
I had trouble with the computer and had to run system restore. I used the last one available from Junkware removal. I re-ran Junkware removal and ESET. They both removed the same files. I wasn't sure if I should re-run FRST and use the fixlist file again or not, so I didn't and let you know first. The computer hasn't had the problem with shutting down anymore, but I am still having problems with the internet. The connection very frequently drops, other times it runs very slow. Thank you for all of your help.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #14 on: December 27, 2016, 10:25:55 AM »


 
Please run your copy of FRST located on your Desktop:
  • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Checkmark all boxes under Whitelist.
  • Under Optional Scan only checkmark Addition.txt & Shortcut.txt.
  • Select Scan & allow it to run.
  • When it finishes, please copy/paste both logs back here.
Could you advise what the problems were that caused you to run System Restore, please?

Please do not run tools without my advice.

Thank you.
Platypuss


 
