Author Topic: [In Progress] Slow computer and multiple processes seem in use with Task Manager  (Read 930 times)

Offline spec

  • Bronze Member
  • Posts: 99
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18163
Run by Don at 14:15:20 on 2016-12-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3292.1923 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Roxio\BackOnTrack\App\BService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Roxio Easy CD & DVD Burning\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Roxio Easy CD & DVD Burning\Roxio Burn\Roxio Burn.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k utcsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxpS://WWW.STARTPAGE.COM
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [ISUSPM] c:\programdata\flexnet\connect\11\\isuspm.exe -scheduler
mRun: [RoxWatchTray] "c:\program files\roxio easy cd & dvd burning\common\RoxWatchTray14.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
Trusted Zone: localhost
Trusted Zone: webcompanion.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9D008A94-0003-43EF-9CF7-60FDA3C61661} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\x846abwy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_23_0_0_207.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2016-1-31 23184]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2016-1-31 16016]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2016-1-31 25744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2012-6-20 457360]
R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2012-7-11 22160]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-11-15 95408]
R2 RoxioBurnLauncher;Roxio Burn Launcher;c:\program files\roxio easy cd & dvd burning\roxio burn\RoxioBurnLauncher.exe [2012-7-5 535184]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2015-11-15 245760]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2013-2-13 224424]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 RoxWatch14;Roxio Hard Drive Watcher 14;c:\program files\roxio easy cd & dvd burning\common\RoxWatch14.exe [2012-11-29 341136]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2013-2-13 349736]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2016-1-17 102912]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2014-12-28 48280]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2014-12-28 30488]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-5-1 14848]
S3 RoxMediaDB14;RoxMediaDB14;c:\program files\roxio easy cd & dvd burning\common\RoxMediaDB14.exe [2012-11-29 1096848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2016-2-13 11232]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2015-5-1 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2015-5-1 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2015-5-1 26880]
.
=============== Created Last 30 ================
.
2016-12-08 22:02:17   915640   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{964b7370-320c-4cdb-8213-72fb728682e6}\gapaengine.dll
2016-12-08 22:01:48   9834504   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{b42a8b5a-c0b5-43ab-9c61-9ece24c41a02}\mpengine.dll
2016-12-07 20:06:34   9834504   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2016-11-09 18:12:13   796352   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2016-11-09 18:12:12   142528   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-28 01:22:22   407720   ------w-   c:\windows\system32\MpSigStub.exe
.
============= FINISH: 14:16:02.08 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2015 8:13:57 AM
System Uptime: 12/11/2016 2:03:48 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0Y958C
Processor: Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz | CPU | 2992/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 184.811 GiB free.
D: is CDROM (UDF)
R: is FIXED (NTFS) - 10 GiB total, 6.799 GiB free.
W: is FIXED (NTFS) - 0 GiB total, 0.311 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP124: 11/5/2016 10:58:57 AM - Windows Update
RP125: 11/8/2016 3:34:26 PM - Windows Update
RP126: 11/13/2016 11:41:59 AM - Windows Update
RP127: 11/17/2016 12:52:33 PM - Windows Update
RP128: 11/25/2016 11:43:01 AM - Windows Update
RP129: 11/28/2016 4:39:21 PM - Windows Update
RP130: 12/3/2016 10:17:49 AM - Windows Update
RP131: 12/7/2016 3:05:53 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 23 NPAPI
Adobe Reader XI (11.0.02)
Adobe Refresh Manager
ArcSoft PhotoStudio 5.5
Canon CanoScan LiDE 200 User Registration
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
CanoScan LiDE 200 Scanner Driver
DirectX 9 Runtime
Easy CD & DVD Burning Content
GWX Control Panel
HL-2240D
Java Auto Updater
Java(TM) 6 Update 22
Microsoft .NET Framework 4.5.2
Microsoft Office
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 50.0.2 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 45.5.1 (x86 en-US)
OpenOffice.org 3.3
Roxio BackOnTrack
Roxio Burn
Roxio Central
Roxio Easy CD and DVD Burning
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
Visual Studio 2012 x86 Redistributables
VLC media player
Wisdom-soft ScreenHunter 6.0 Free
.
==== Event Viewer Messages From Past Week ========
.
12/9/2016 6:25:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1752.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/9/2016 6:25:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1752.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/4/2016 4:22:12 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1263.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8007045b     Error description: A system shutdown is in progress.
12/11/2016 2:04:14 PM, Error: Service Control Manager [7023]  - The Roxio Hard Drive Watcher 14 service terminated with the following error:  %%-2147467243
12/11/2016 2:00:47 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error:  An instance of the service is already running.
12/11/2016 2:00:47 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
12/11/2016 2:00:47 PM, Error: Service Control Manager [7000]  - The IP Helper service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/11/2016 2:00:17 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
12/11/2016 2:00:17 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
12/11/2016 2:00:17 PM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/11/2016 1:59:47 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
12/11/2016 1:59:47 PM, Error: Service Control Manager [7000]  - The User Profile Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/11/2016 1:59:17 PM, Error: Service Control Manager [7034]  - The SSDP Discovery service terminated unexpectedly.  It has done this 3 time(s).
12/11/2016 1:59:17 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
12/11/2016 1:59:17 PM, Error: Service Control Manager [7000]  - The System Event Notification Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/11/2016 1:58:47 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
12/11/2016 1:58:29 PM, Error: Service Control Manager [7031]  - The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/11/2016 1:58:14 PM, Error: Service Control Manager [7031]  - The SSDP Discovery service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
12/11/2016 1:57:47 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
12/11/2016 1:57:44 PM, Error: Service Control Manager [7031]  - The SSDP Discovery service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
12/11/2016 1:57:44 PM, Error: Service Control Manager [7031]  - The Function Discovery Resource Publication service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:57:34 PM, Error: Service Control Manager [7031]  - The Windows Firewall service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:57:34 PM, Error: Service Control Manager [7031]  - The Diagnostic Policy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:57:34 PM, Error: Service Control Manager [7031]  - The Base Filtering Engine service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:56:47 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:56:46 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
12/11/2016 1:56:46 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/11/2016 1:56:46 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2016 1:27:54 PM, Error: Service Control Manager [7022]  - The Roxio Burn Launcher service hung on starting.
12/10/2016 5:35:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1752.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/10/2016 5:35:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.233.1752.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.13303.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

I am helping my Dad with his computer, which I think is a malware problem. I am here each Sunday and can do this slowly. I appreciate the help. The PC CPU usage is 50% with no programs running. When I turn off processes the problem seems fixed. Upon reboot the symptom reappears.
« Last Edit: December 17, 2016, 05:31:47 PM by Hoov »

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 445
Re: Slow computer and multiple processes seem in use with Task Manager
« Reply #1 on: December 11, 2016, 03:23:44 PM »
   
 Hello spec.

I am Platypuss, I will be helping you with your problem.

I appreciate that you will only be available on Sundays.


   
Before we begin, please follow my simple rules:-
  • If you do not understand any instructions, Stop & Ask; do not risk creating further problems.
  • Please do not run any tools unless instructed to do so because it may well cause unforeseen damage to your machine.
  • It may help you to print out my instructions, so that mistakes are not made.
  • I am a trainee here, but my instructions are checked by my mentor. There may be some delay, but you will get a high quality of service.
  • Malware removal is frequently complex and it takes time to analyse logs; please be patient.
  • I will advise you as soon as your computer is clean; until then it may still be infected!

Change Downloads  to Desktop  http://www.thewindowsclub.com/change-download-location-ie-chrome
This will simplify the use of tools that we will be using.



How to change your download location to Desktop: http://www.thewindowsclub.com/change-download-location-ie-chrome


Google Chrome -
  • Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
  • Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link.
  • Scroll down to find the Downloads section and click the Change... button.
  • Select your desktop and click OK.
Mozilla Firefox -
  • Click the "Open Menu" button in the upper right-corner of the browser.
  • Choose Options. In the downloads section, click the Browse button,
  • click on the Desktop folder and then click the "Select Folder" button.
  • Click OK to get out of the Options menu.
Internet Explorer -
  • Click the Tools menu in the upper right-corner of the browser. Select View downloads.
  • Select the Options link in the lower left of the window. Click Browse and select the Desktop.
  • Then choose the Select Folder button. Click OK to get out of the download options screen.
  • Now click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right click on the "Downloads" folder and select "Properties".

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user's download directory location.



Next,

Please download Malwarebytes' Anti-Malware Free Download to your Desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to your Desktop.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box:-
'Could not load DDA driver'

  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:-
      - Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      - Text file (*.txt) - if selected you will have to name the file and save to your Desktop then attach to reply
      - XML file (*.xml) - if selected you will have to name the file and save to your Desktop then attach to reply

  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply.
>>>>>>>>>>>>>>>>>

  Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Platypuss
« Last Edit: December 15, 2016, 07:12:57 PM by Hoov »