SpywareHammer.com

SpywareHammer Malware Removal Forums => Completed Malware and Rootkit Removal Topics => Topic started by: Vickster3659 on October 01, 2017, 12:13:14 PM

Title: [COMPLETED] Slow performance, inadvertently clicked on suspicious link in email
Post by: Vickster3659 on October 01, 2017, 12:13:14 PM
Hello,
The performance of my laptop has been quite slow lately, and today I accidentally clicked on a suspicious link in an email. I want to be sure to clear anything that may have been installed by this.  I ran the DDS tool, but wasn't sure if I should paste it here or attach the files.  Thanks for any assistance!  You have been great in prior help requests!


Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspicious link in email
Post by: Bugbatter on October 23, 2017, 08:12:05 PM
After reviewing the instructions HERE (http://spywarehammer.com/post-here-for-malware-removal/%28new-instructions!%29-what-do-i-do-first/) please copy/paste/post the DDS logs as specified. You can post them as a reply to this.


Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspicious link in email
Post by: Vickster3659 on October 29, 2017, 05:15:31 PM
Thank you.  Here is the attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume1
Install Date: 8/4/2017 7:28:44 AM
System Uptime: 10/29/2017 6:53:08 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0R8G1C
Processor: Intel(R) Celeron(R) CPU  N3050  @ 1.60GHz | SOCKET 0 | 1601/80mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 384.866 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 9/25/2017 7:00:24 PM - Windows Update
RP8: 10/22/2017 2:11:08 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat Reader DC
Adobe Refresh Manager
AVG
AVG AntiVirus FREE
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3500 series MP Drivers
Canon MG3500 series On-screen Manual
Canon MG3500 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
Capture NX-D
CCleaner
Citrix Authentication Manager
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver 4.5
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Citrix Web Helper
CyberLink Media Suite 12
CyberLink Media Suite Essentials
CyberLink Power Media Player 12
CyberLink Power2Go 8
CyberLink PowerDirector 12
Dell Customer Connect
Dell Digital Delivery
Dell Foundation Services
Dell Help & Support
Dell Product Registration
Dell SupportAssist
Dell SupportAssistAgent
Dell System Detect
Dell Update
Dell Update - SupportAssist Update Plugin
Dropbox 20 GB
Dropbox Update Helper
FMW 1
Google Chrome
Google Earth Pro
Google Update Helper
Intel(R) Chipset Device Software
Intel(R) Processor Graphics
Intel(R) Trusted Execution Engine
Intel(R) Trusted Execution Engine Driver
Intel® Security Assist
Java 8 Update 131 (64-bit)
Java Auto Updater
Maxx Audio Installer (x64)
Microsoft Office 365 - en-us
Microsoft Office 365 ProPlus - en-us
Microsoft Office File Validation Add-In
Microsoft OneDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
Nikon Message Center 2
Nikon Transfer 2
Office 16 Click-to-Run Extensibility Component
Office 16 Click-to-Run Extensibility Component 64-bit Registration
Office 16 Click-to-Run Licensing Component
Office 16 Click-to-Run Localization Component
Online Plug-in
Picture Control Utility 2
Product Registration
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm WLAN and Bluetooth Client Installation
QuickSet64
Realtek Card Reader
Realtek High Definition Audio Driver
Realtek USB Ethernet Controller All-In-One Windows Driver
Self-service Plug-in
Skype™ 7.39
Spotify
ViewNX-i
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows 10 Upgrade Assistant
Windows Driver Package - Intel Corporation (iagpioe) System  (05/21/2015 604.10120.2652.361)
Windows Driver Package - Intel Corporation (iai2ce) System  (05/21/2015 604.10120.2654.367)
Windows Driver Package - Intel Corporation (iauarte) System  (05/21/2015 604.10120.2653.391)
.
==== Event Viewer Messages From Past Week ========
.
10/29/2017 6:59:07 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.
10/29/2017 6:59:07 PM, Error: Service Control Manager [7000]  - The Dell Digital Delivery Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/29/2017 6:58:07 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell Foundation Services service to connect.
10/29/2017 6:58:07 PM, Error: Service Control Manager [7000]  - The Dell Foundation Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/29/2017 6:54:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
10/29/2017 6:54:56 PM, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/29/2017 6:54:30 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
10/29/2017 6:54:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffd984a9bf7660, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: a0b7bffc-f7e5-454a-a770-9e7014cd0146.
10/29/2017 6:53:48 PM, Error: Service Control Manager [7000]  - The CldFlt service failed to start due to the following error:  The request is not supported.
10/29/2017 2:33:57 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
10/29/2017 12:36:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffff8800e63f7660, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: a85f3fe3-968b-4ae6-bb05-20d142767fa7.
10/28/2017 8:34:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
10/28/2017 8:32:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffe707357f7660, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: b3e244b7-63a6-441f-814f-71a6f3d5983d.
10/28/2017 2:56:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffcc8b41c71060, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 54a34099-c7ce-42a9-a17d-49b8b8a47583.
10/28/2017 1:46:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell Help & Support service to connect.
10/28/2017 1:46:56 PM, Error: Service Control Manager [7000]  - The Dell Help & Support service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/28/2017 1:42:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffff8385537f7e40, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 92443d9a-a3d5-4b30-92e3-389c2ca7409b.
10/26/2017 7:52:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffc801b41f7b60, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: c1303f91-82e0-4bf7-9e36-f21180d842c1.
10/24/2017 8:08:43 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell Customer Connect service to connect.
10/24/2017 8:08:43 PM, Error: Service Control Manager [7000]  - The Dell Customer Connect service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/24/2017 8:06:51 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error: "15616" Happened while starting this command: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
10/24/2017 8:05:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffc8860ca71060, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 1f0f15d1-611b-4a09-a8a5-52a5ba8fd967.
10/22/2017 9:33:06 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
10/22/2017 9:28:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffff8c02c01f7660, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 3a865300-113b-4b2e-8215-2787b939024d.
10/22/2017 1:16:13 PM, Error: Service Control Manager [7022]  - The Downloaded Maps Manager service hung on starting.
10/22/2017 1:07:42 PM, Error: Service Control Manager [7043]  - The avgbIDSAgent service did not shut down properly after receiving a preshutdown control.
10/22/2017 1:03:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ca (0x0000000000000005, 0xffffb70e96ff7b60, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 2a116c34-0a55-476f-b045-27ac5c9a4897.
.
==== End Of File ===========================


Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspicious link in email
Post by: Vickster3659 on October 29, 2017, 05:17:44 PM
and here is the dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.608
Run by Vicks at 19:09:54 on 2017-10-29
Microsoft Windows 10 Home  10.0.15063.0.1252.1.1033.18.4008.1314 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Antivirus *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k localservice -s bthserv
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s BthHFSrv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -s FontCache
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k localservice -s netprofm
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\AUDIODG.EXE
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Windows\SysWOW64\atashost.exe
C:\WINDOWS\SysWOW64\esif_uf.exe
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s FDResPub
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s HomeGroupProvider
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
c:\windows\system32\taskhostw.exe
C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Users\Vicks\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Vicks\AppData\Local\Apps\2.0\JAR0C1OO.RH9\A7K5A0RV.251\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\DellSystemDetect.exe
C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s WdiSystemHost
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
C:\WINDOWS\splwow64.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
c:\windows\system32\svchost.exe -k netsvcs -s DoSvc
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k smphost
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
c:\windows\system32\svchost.exe -k netsvcs -s BITS
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wlidsvc
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -s gpsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SensorService
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\SystemSettingsBroker.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
c:\windows\system32\svchost.exe -k netsvcs -s XblAuthManager
svchost.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wisvc
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
c:\windows\system32\taskhostw.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.spectrum.net/?domain-redirect=true
uLocal Page = %11%\blank.htm
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [OneDrive] "C:\Users\Vicks\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe" /fromrunkey
uRun: [Spotify Web Helper] C:\Users\Vicks\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
uRun: [Spotify] C:\Users\Vicks\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
uRun: [DellSystemDetect] C:\Users\Vicks\AppData\Local\Apps\2.0\JAR0C1OO.RH9\A7K5A0RV.251\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
mRun: [isa] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
StartupFolder: C:\Users\Vicks\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CITRIX~1.LNK - C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
StartupFolder: C:\Users\Vicks\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SlowLinkDetectEnabled = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://downloads.dell.com/systemprofiler/SysProExe.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{b361fb59-8e1f-4769-86a1-2d1e6e6297d2} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_MAXX6] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
x64-Run: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [WavesSvc] "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SlowLinkDetectEnabled = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 avgbdisk;avgbdisk;C:\WINDOWS\System32\drivers\avgbdiska.sys [2017-10-22 166624]
R1 avgbidsdriver;avgbidsdriver;C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [2017-10-22 314640]
R1 avgRdr;avgRdr;C:\WINDOWS\System32\drivers\avgRdr2.sys [2017-10-22 102792]
R1 avgSnx;avgSnx;C:\WINDOWS\System32\drivers\avgsnx.sys [2017-10-26 1022288]
R1 avgSP;avgSP;C:\WINDOWS\System32\drivers\avgSP.sys [2017-10-22 579584]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2016-6-27 91912]
R1 ctxusbm;Citrix USB Monitor Driver;C:\WINDOWS\System32\drivers\ctxusbm.sys [2016-9-5 142000]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2016-10-31 149440]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2016-11-28 325600]
R2 AVG Antivirus;AVG Antivirus;C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [2017-10-22 282536]
R2 avgMonFlt;avgMonFlt;C:\WINDOWS\System32\drivers\avgMonFlt.sys [2017-10-22 140192]
R2 avgStm;avgStm;C:\WINDOWS\System32\drivers\avgStm.sys [2017-10-22 193768]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2017-10-6 1428656]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_57366;Connected Devices Platform User Service_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2017-10-28 7923880]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 DDVCollectorSvcApi;Dell Data Vault Service API;C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [2017-7-27 208760]
R2 DDVDataCollector;Dell Data Vault Collector;C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [2017-7-27 3294584]
R2 DDVRulesProcessor;Dell Data Vault Processor;C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [2017-7-27 217464]
R2 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2017-9-19 130936]
R2 Dell Help & Support;Dell Help & Support;C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [2017-9-18 40976]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2017-5-1 230248]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 DpmLiteDrv;DpmLiteDrv;C:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [2014-10-15 15080]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 esifsvc;ESIF Upper Framework Service;C:\Windows\SysWOW64\esif_uf.exe [2016-6-27 1385640]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-6-27 350312]
R2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-2-26 7680]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface;C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [2015-4-21 174368]
R2 OneSyncSvc_57366;Sync Host_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 Product Registration;Product Registration;C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [2017-4-6 47144]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2017-7-26 333296]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-10-22 336320]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2017-8-4 53208]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-6-27 246376]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WavesSysSvc;Waves Audio Services;C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [2017-2-7 615384]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-7-11 142752]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_57366;Windows Push Notifications User Service_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
R3 avgbIDSAgent;avgbIDSAgent;C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [2017-10-22 7496672]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2016-11-28 608656]
R3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2017-3-18 181248]
R3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2017-3-18 47104]
R3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-8-4 97280]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [2017-7-27 32960]
R3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2017-7-27 32568]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2016-6-27 19440]
R3 dptf_cpu;dptf_cpu;C:\WINDOWS\System32\drivers\dptf_cpu.sys [2016-6-27 53752]
R3 esif_lf;esif_lf;C:\WINDOWS\System32\drivers\esif_lf.sys [2016-6-27 261624]
R3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
R3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
R3 igfxLP;igfxLP;C:\WINDOWS\System32\drivers\igdkmd64lp.sys [2016-6-27 5864888]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-6-27 474360]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 PimIndexMaintenanceSvc_57366;Contact Data_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 SynRMIHID;Synaptics HID Service;C:\WINDOWS\System32\drivers\SynRMIHID.sys [2016-6-27 56936]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 TXEIx64;Intel(R) Trusted Execution Engine Interface ;C:\WINDOWS\System32\drivers\TXEIx64.sys [2015-6-26 146232]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
R3 UnistoreSvc_57366;User Data Storage_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UserDataSvc_57366;User Data Access_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2017-3-18 24576]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-3-18 220672]
R3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-6-27 143144]
S2 Dell Foundation Services;Dell Foundation Services;C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2017-1-11 97616]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-6-23 238320]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-6-1 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 avgHwid;avgHwid;C:\WINDOWS\System32\drivers\avgHwid.sys [2017-10-22 39424]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-25 39424]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-6-27 143144]
S3 DevicesFlowUserSvc_57366;DevicesFlow_57366;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2015-5-22 881152]
S3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-2-26 330240]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_57366;MessagingService_57366;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-7-11 118784]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2016-6-27 411712]
S3 rtux64w10;Realtek USB FE/GbE NIC Family Windows 10 64-bit Driver;C:\WINDOWS\System32\drivers\rtux64w10.sys [2015-10-30 323072]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 SWDUMon;SWDUMon;C:\WINDOWS\System32\drivers\SWDUMon.sys [2017-8-6 25608]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-9-25 104960]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-8-4 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-7-11 757248]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-7-11 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-10-29 22:54:57   180   ----a-w-   C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-27 23:15:58   --------   d--h--w-   C:\OneDriveTemp
2017-10-27 00:18:23   --------   d-----w-   C:\ProgramData\PC-Doctor for Windows
2017-10-27 00:18:16   --------   d-----w-   C:\Program Files\Dell Support Center
2017-10-27 00:02:49   1022288   ----a-w-   C:\WINDOWS\System32\drivers\avgsnx.sys
2017-10-25 01:04:23   106496   ----a-w-   C:\WINDOWS\SysWow64\ATL71.DLL
2017-10-24 01:46:48   466088   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-10-24 01:46:22   29352   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-10-24 01:42:36   209064   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-10-22 19:31:33   230400   ----a-w-   C:\WINDOWS\System32\msclmd.dll
2017-10-22 19:31:33   207872   ----a-w-   C:\WINDOWS\SysWow64\msclmd.dll
2017-10-22 18:30:25   177656   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-10-22 18:30:24   835576   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-10-22 18:24:17   126925120   -c--a-w-   C:\WINDOWS\System32\MRT-KB890830.exe
2017-10-22 18:05:59   1408536   ----a-w-   C:\WINDOWS\SysWow64\gdi32full.dll
2017-10-22 18:04:59   20511232   ----a-w-   C:\WINDOWS\SysWow64\edgehtml.dll
2017-10-22 18:03:59   2809344   ----a-w-   C:\WINDOWS\System32\AppXDeploymentServer.dll
2017-10-22 17:22:09   --------   d---a-w-   C:\Program Files (x86)\Dell Customer Connect
2017-10-22 17:16:09   76832   ----a-w-   C:\WINDOWS\System32\drivers\avgRvrt.sys
2017-10-22 17:16:09   579584   ----a-w-   C:\WINDOWS\System32\drivers\avgSP.sys
2017-10-22 17:16:09   51336   ----a-w-   C:\WINDOWS\System32\drivers\avgbuniva.sys
2017-10-22 17:16:09   39424   ----a-w-   C:\WINDOWS\System32\drivers\avgHwid.sys
2017-10-22 17:16:09   355856   ----a-w-   C:\WINDOWS\System32\drivers\avgVmm.sys
2017-10-22 17:16:09   193768   ----a-w-   C:\WINDOWS\System32\drivers\avgStm.sys
2017-10-22 17:16:09   140192   ----a-w-   C:\WINDOWS\System32\drivers\avgMonFlt.sys
2017-10-22 17:16:09   102792   ----a-w-   C:\WINDOWS\System32\drivers\avgRdr2.sys
2017-10-22 17:16:08   336896   ----a-w-   C:\WINDOWS\System32\drivers\avgbloga.sys
2017-10-22 17:16:08   314640   ----a-w-   C:\WINDOWS\System32\drivers\avgbidsdrivera.sys
2017-10-22 17:16:08   192584   ----a-w-   C:\WINDOWS\System32\drivers\avgbidsha.sys
2017-10-22 17:16:08   166624   ----a-w-   C:\WINDOWS\System32\drivers\avgbdiska.sys
2017-10-22 17:15:23   402608   ----a-w-   C:\WINDOWS\System32\avgBoot.exe
2017-10-22 12:54:09   1890512   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll
.
==================== Find3M  ====================
.
2017-09-30 05:52:01   1595152   ----a-w-   C:\WINDOWS\System32\gdi32full.dll
2017-09-30 05:51:44   1458320   ----a-w-   C:\WINDOWS\System32\msctf.dll
2017-09-30 05:51:12   1147288   ----a-w-   C:\WINDOWS\System32\hvix64.exe
2017-09-30 05:50:48   1068208   ----a-w-   C:\WINDOWS\System32\Windows.UI.dll
2017-09-30 05:50:46   1024920   ----a-w-   C:\WINDOWS\System32\hvax64.exe
2017-09-30 05:50:44   1346112   ----a-w-   C:\WINDOWS\System32\user32.dll
2017-09-30 05:49:44   777400   ----a-w-   C:\WINDOWS\System32\oleaut32.dll
2017-09-30 05:49:27   135576   ----a-w-   C:\WINDOWS\System32\drivers\ksecdd.sys
2017-09-30 05:49:25   1004136   ----a-w-   C:\WINDOWS\System32\ucrtbase.dll
2017-09-30 05:48:27   644696   ----a-w-   C:\WINDOWS\System32\advapi32.dll
2017-09-30 05:48:26   2399728   ----a-w-   C:\WINDOWS\System32\KernelBase.dll
2017-09-30 05:48:12   8319384   ----a-w-   C:\WINDOWS\System32\ntoskrnl.exe
2017-09-30 05:48:04   2327448   ----a-w-   C:\WINDOWS\System32\drivers\ntfs.sys
2017-09-30 05:47:28   1194792   ----a-w-   C:\WINDOWS\System32\rpcrt4.dll
2017-09-30 05:47:05   2969880   ----a-w-   C:\WINDOWS\System32\CoreUIComponents.dll
2017-09-30 05:45:54   511896   ----a-w-   C:\WINDOWS\System32\drivers\usbhub.sys
2017-09-30 05:44:52   181912   ----a-w-   C:\WINDOWS\System32\sspicli.dll
2017-09-30 05:44:03   712600   ----a-w-   C:\WINDOWS\System32\drivers\dxgmms2.sys
2017-09-30 05:43:49   2442136   ----a-w-   C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-09-30 05:43:47   7318888   ----a-w-   C:\WINDOWS\System32\windows.storage.dll
2017-09-30 05:42:43   4848952   ----a-w-   C:\WINDOWS\explorer.exe
2017-09-30 05:42:08   1506712   ----a-w-   C:\WINDOWS\System32\twinapi.appcore.dll
2017-09-30 05:42:03   820120   ----a-w-   C:\WINDOWS\System32\WWAHost.exe
2017-09-30 05:41:48   259400   ----a-w-   C:\WINDOWS\System32\MusNotifyIcon.exe
2017-09-30 05:41:48   228248   ----a-w-   C:\WINDOWS\System32\drivers\mrxsmb20.sys
2017-09-30 05:41:47   961944   ----a-w-   C:\WINDOWS\System32\efscore.dll
2017-09-30 05:41:45   651672   ----a-w-   C:\WINDOWS\System32\SettingSyncHost.exe
2017-09-30 05:41:44   5477600   ----a-w-   C:\WINDOWS\System32\OneCoreUAPCommonProxyStub.dll
.
============= FINISH: 19:11:49.86 ===============
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on October 30, 2017, 05:37:52 AM
Hello Vickster3659

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
Before I start, please can you confirm if this machine is a company machine? If so, do you have permission to fix the machine?

Thanks
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 01, 2017, 01:55:30 PM
Hello Vickster3659

Do you still require my help? If I don't see a reply back within 24 hours I will assume this topic can be closed.

Thanks
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 02, 2017, 06:52:28 PM
Yes please....I pasted the two scans as requested, however, I will be away until Sunday afternoon.
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 02, 2017, 06:58:30 PM
Hi Seedy21,  Just read your initial post to my logs.  I am familiar with how this service works, as I have received assistance on a much older computer in the past.  The system I need help with now is not a company machine, it is my personal laptop.
Thanks again, as I mentioned in my previous post, after tonight, I will be away until Sunday afternoon.
Vickster3659
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 06, 2017, 01:43:20 AM
Hi Vickster3659

Thank you for the confirmation. Let's get the next set of logs:


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save it to your Desktop.
Please copy and paste their content into your next reply.
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 06, 2017, 05:51:10 PM
Thank you Seedy21.  For some reason, I no longer receive emails when a reply is added to my post, my email address has not changed.  Please be advised that I may not be able to check for any new posts every day, as my work hours vary at times, but I will check when I can.  I appreciate your assistance!

Here is addition.txt:

CodeIntegrity:
===================================
  Date: 2017-08-14 21:22:49.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N3050 @ 1.60GHz
Percentage of memory in use: 73%
Total physical RAM: 4007.56 MB
Available physical RAM: 1052.99 MB
Total Virtual: 5159.56 MB
Available Virtual: 1623.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.74 GB) (Free:383.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DE328A0D)

Partition: GPT.

==================== End of Addition.txt ============================


Not enough room here for the FRST.txt file, so I'll try in another reply.
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 06, 2017, 05:53:20 PM
FRST.txt is over the limit of 65000 characters, so I will zip and attach.
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 06, 2017, 05:55:36 PM
FRST.txt is attached.
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 07, 2017, 02:03:58 AM
Hi Vickster3659

Thank you for the logs. I will need some time to read through them before I can give you the next steps.

In regards to not getting email from the forum when I post, can you confirm that you have clicked notify at the top right of the topic? Also, have you double-checked your Spam folder to see if the email is in there?

Thanks
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 07, 2017, 06:32:17 PM
Thank you Seedy21,
The button at the top says "unnotify" so I assume that I should be getting emails.  I will check my spam folder.  Strange, though, as last time I received help from this forum, I was getting the emails.  I will check back again tomorrow or the next day for any new posts.

Have a great evening!
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 09, 2017, 03:03:05 AM
Hi Vickster3659

Please let me know if you're still not getting email alerts from Spywarehammer.

Emsisoft Emergency Kit
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 09, 2017, 08:10:46 PM
Hi,
I am still not receiving the emails.  Here is the scan log:

Emsisoft Emergency Kit - Version 2017.10
Last update: 11/9/2017 7:10:03 PM
User account: DESKTOP-FO3J22O\Vicks
Computer name: DESKTOP-FO3J22O
OS version: Windows 10x64

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:   11/9/2017 7:25:06 PM
C:\Program Files\CCleaner\trz4561.tmp    detected: Backdoor.CCHack (A) [290413]
C:\Users\Vicks\Downloads\ccsetup533.exe    detected: Backdoor.Agent.ABXS (B) [krnl.xmd]

Scanned   311668
Found   2

Scan end:   11/9/2017 9:05:49 PM
Scan time:   1:40:43

C:\Users\Vicks\Downloads\ccsetup533.exe    Backdoor.Agent.ABXS (B)
C:\Program Files\CCleaner\trz4561.tmp    Backdoor.CCHack (A)

Quarantined   2

Thanks! Vickster3659
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 10, 2017, 01:55:06 AM
Thanks for the update Vickster3659. I will ask one of the Admins to have a look into your profile settings.

And finally I'd like us to scan your machine with ESET OnlineScan:
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth Technology
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 11, 2017, 10:33:59 AM
Good morning,  here is the eset scan:
C:\Users\Vicks\Downloads\ccsetup522.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup523.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup524.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup526.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup527.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup528.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup529.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup530.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup531.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup532.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   
C:\Users\Vicks\Downloads\ccsetup535.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   


It seems my issues are coming from ccleaner.....should I not use it anymore?  When I had issues with older systems, ccleaner was one of the tools I was told to use

Thanks,
Vickster3659
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 13, 2017, 02:47:21 AM
Hi Vickster3659


Quote
It seems my issues are coming from ccleaner.....should I not use it anymore? 

Using it as a cleaner is fine, but I wouldn't recommend using the Registry Cleaner. CCleaner did get hacked and some malicious code was added to one of its versions (https://www.pcworld.com/article/3225407/security/ccleaner-downloads-infected-malware.html), but they have fixed the issue.

The machine looks clean, do you have any further issues?

Thanks

Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 13, 2017, 05:35:36 PM
Hi Seedy21,
So with that last tool you had me use, you instructed: Push the do not clean button. Doesn't this mean I still have the infection? 
Thanks,
Vickster3659
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 15, 2017, 01:39:08 AM
Hi Vickster3659

Quote
So with that last tool you had me use, you instructed: Push the do not clean button. Doesn't this mean I still have the infection?

The infected version of the installer was 5.33. As Emsisoft quarantined this, the other versions of the software should be fine to use. The reason it got detected by ESET is that CCleaner comes bundled with some other installers for programs people may not need or want.

Do you have any further issues with your machine?

Thanks
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 15, 2017, 07:04:23 PM
Thank you! It is better.  This was not the best computer to purchase, but it fit the budget at the time.  One thing I am still not thrilled with is the start up time.  I'm sure it's because of some apps I installed upon purchase (printer, for instance).  Would you be able to assist with clearing some unnecessary start up processes?
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 16, 2017, 02:46:30 AM
Hi Vickster3659

Excellent. I would first suggest looking at the programs you have installed and removing any of them you don't use. For example, Citrix Receiver and Spotify both have start up calls to start the program when your machine boots up.

Let me know how you get on with this.

Thanks
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 16, 2017, 06:25:57 PM
Thank you.  I deleted both those programs.  Those are about the only ones I wasn't really using.
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 19, 2017, 10:19:28 AM
Hi Seedy21,
After deleting both apps, still a bit slow on startup, and also would be great if you can make suggestions on speeding up Chrome, as it takes a while to load.
Thanks,
Vickster3659
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 19, 2017, 01:25:50 PM
Hi Vickster3659

Please run disk defrag on your machine and let me know how this goes.

https://support.microsoft.com/en-us/help/4026701/windows-defragment-your-windows-10-pc

Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 19, 2017, 07:06:05 PM
Hi Seedy21,
OMG!  My laptop is so much better now!  I've run defrag before, but it never helped as much as it did this time.  Must have been the bug, and the two apps I deleted that were really dragging it down.
Thank you so much for your assistance!
Vickster3659
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 20, 2017, 07:13:34 AM
If you have no further problems you can uninstall the tools we have used and follow this advice :-

Remove Tools Used :

Clean up with Delfix
Download "Delfix by Xplode" (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save it to your desktop.
If you are using Vista or higher, please right-click and choose run as administrator
Make Sure the following items are checked:
Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Make Sure Automatic Updates Are Turned On:

Turn On Automatic Updates

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them


Make your Internet Explorer more secure:
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 20, 2017, 03:54:38 PM
Hi Seedy21,
The link here Download "Delfix by Xplode" and save it to your desktop. is giving me the following error message:

This site can’t be reached

general-changelog-team.fr’s server DNS address could not be found.
DNS_PROBE_FINISHED_NXDOMAIN

Thanks,
Vickster3659
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 21, 2017, 09:51:03 AM
Hi Vickster3659

Sorry for the confusion. Please go to HERE (https://download.bleepingcomputer.com/dl/be10b9fa9ecf13aca48f3b24a13fecdc/5a144ae0/windows/security/security-utilities/d/delfix/delfix_1.010.exe) instead.

Thanks
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 22, 2017, 07:41:37 AM
Hi Seedy21,
Thank you, that link worked.  I've done all as instructed.  I prefer to use Google Chrome instead of IE, can you please provide the best settings for this?
Thanks,
Vickster3659
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: seedy21 on November 23, 2017, 04:16:16 PM
Hi Vickster3659

Google Chrome default settings will be fine.

Do you have any further questions regarding your machine before I close this topic?

Thanks
Title: Re: [COMPLETED] Slow performance, inadvertently clicked on suspcious link in email
Post by: Vickster3659 on November 24, 2017, 05:30:38 PM
I'm good! Thank you so much!