Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Extremely slow performance

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Extremely slow performance

Unread postby maximusdowns » June 23rd, 2018, 12:46 pm

Hello,

I believe my computer is infected with some sort of malware. It is experiencing extremely slow performance and sometimes programs will not respond at all to being opened.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Panda (administrator) on DESKTOP-FD836MB (23-06-2018 09:34:46)
Running from C:\Users\Panda\Downloads
Loaded Profiles: Panda (Available Profiles: Panda)
Platform: Windows 10 Pro 10240.16389 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{8CD08D98-A76C-4CE8-AF17-08991CE6B6A2}\67.0.3396.87_66.0.3359.181_chrome_updater.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Windows\Temp\CR_9E567.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_9E567.tmp\setup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Users\Panda\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(Microsoft Corporation) C:\Users\Panda\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Users\Panda\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\Panda\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2018-05-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a4802978-8537-4f0a-a30b-84fa6d59cbe1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-986361752-4009122850-50874618-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-986361752-4009122850-50874618-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE

FireFox:
========
FF DefaultProfile: xibflz7e.default-1528258222814
FF ProfilePath: C:\Users\Panda\AppData\Roaming\Mozilla\Firefox\Profiles\xibflz7e.default-1528258222814 [2018-06-23]
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default [2018-05-13]
CHR Extension: (Slides) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-13]
CHR Extension: (Docs) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-13]
CHR Extension: (Google Drive) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-13]
CHR Extension: (YouTube) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-13]
CHR Extension: (Google Docs Offline) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-13]
CHR Extension: (Gmail) - C:\Users\Panda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
R2 osrss; C:\Windows\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2018-05-13] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110096 2018-05-13] (Advanced Micro Devices)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2018-05-13] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 09:34 - 2018-06-23 09:37 - 000007896 _____ C:\Users\Panda\Downloads\FRST.txt
2018-06-23 09:34 - 2018-06-23 09:34 - 000000000 ____D C:\FRST
2018-06-23 09:32 - 2018-06-23 09:34 - 002412544 _____ (Farbar) C:\Users\Panda\Downloads\FRST64(1).exe
2018-06-23 09:31 - 2018-06-23 09:32 - 000002359 _____ C:\Users\Panda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 09:18 - 2018-06-23 09:18 - 000016148 _____ C:\Windows\system32\DESKTOP-FD836MB_Panda_HistoryPrediction.bin
2018-06-05 21:10 - 2018-06-05 21:10 - 000000000 ____D C:\Users\Panda\Desktop\Old Firefox Data
2018-06-04 22:32 - 2018-06-04 22:35 - 002413056 _____ (Farbar) C:\Users\Panda\Downloads\FRST64.exe
2018-06-03 22:36 - 2018-06-03 22:36 - 000000000 ____D C:\Windows\system32\SleepStudy

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 09:36 - 2015-07-10 04:04 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-23 09:36 - 2015-07-10 04:04 - 000000000 ____D C:\Windows\AppReadiness
2018-06-23 09:35 - 2018-05-04 08:02 - 000000000 ___RD C:\Users\Panda\OneDrive
2018-06-23 09:31 - 2015-07-10 03:55 - 000000000 ____D C:\Windows\CbsTemp
2018-06-23 09:19 - 2018-05-13 11:56 - 000000000 ____D C:\Users\Panda\AppData\LocalLow\Mozilla
2018-06-23 09:18 - 2018-05-04 07:56 - 000000000 ____D C:\Users\Panda
2018-06-23 09:14 - 2018-05-13 11:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-23 09:14 - 2018-05-13 11:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-23 09:14 - 2015-07-10 05:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-08 07:45 - 2018-05-13 11:56 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-03 04:41 - 2015-07-10 02:05 - 000131072 ___SH C:\Windows\system32\config\BBI
2018-05-27 00:07 - 2018-05-14 22:09 - 000000000 ____D C:\Program Files\rempl
2018-05-26 23:54 - 2018-05-03 17:01 - 014882574 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-26 23:54 - 2015-07-17 01:56 - 000159918 _____ C:\Windows\system32\prfh0404.dat
2018-05-26 23:54 - 2015-07-17 01:56 - 000048888 _____ C:\Windows\system32\prfc0404.dat
2018-05-26 23:54 - 2015-07-17 01:46 - 000708630 _____ C:\Windows\system32\perfh01D.dat
2018-05-26 23:54 - 2015-07-17 01:46 - 000141976 _____ C:\Windows\system32\perfc01D.dat
2018-05-26 23:54 - 2015-07-17 01:15 - 000777106 _____ C:\Windows\system32\perfh015.dat
2018-05-26 23:54 - 2015-07-17 01:15 - 000148480 _____ C:\Windows\system32\perfc015.dat
2018-05-26 23:54 - 2015-07-17 01:06 - 000776688 _____ C:\Windows\system32\perfh013.dat
2018-05-26 23:54 - 2015-07-17 01:06 - 000150366 _____ C:\Windows\system32\perfc013.dat
2018-05-26 23:54 - 2015-07-17 00:56 - 000415588 _____ C:\Windows\system32\perfh014.dat
2018-05-26 23:54 - 2015-07-17 00:56 - 000069268 _____ C:\Windows\system32\perfc014.dat
2018-05-26 23:54 - 2015-07-17 00:36 - 000493018 _____ C:\Windows\system32\perfh011.dat
2018-05-26 23:54 - 2015-07-17 00:36 - 000130454 _____ C:\Windows\system32\perfc011.dat
2018-05-26 23:54 - 2015-07-17 00:25 - 000771270 _____ C:\Windows\system32\perfh010.dat
2018-05-26 23:54 - 2015-07-17 00:25 - 000142510 _____ C:\Windows\system32\perfc010.dat
2018-05-26 23:54 - 2015-07-17 00:06 - 000384858 _____ C:\Windows\system32\perfh00D.dat
2018-05-26 23:54 - 2015-07-17 00:06 - 000056464 _____ C:\Windows\system32\perfc00D.dat
2018-05-26 23:54 - 2015-07-16 23:59 - 000400704 _____ C:\Windows\system32\perfh00B.dat
2018-05-26 23:54 - 2015-07-16 23:59 - 000073804 _____ C:\Windows\system32\perfc00B.dat
2018-05-26 23:54 - 2015-07-16 23:50 - 000511756 _____ C:\Windows\system32\perfh008.dat
2018-05-26 23:54 - 2015-07-16 23:50 - 000081212 _____ C:\Windows\system32\perfc008.dat
2018-05-26 23:54 - 2015-07-16 23:40 - 000732530 _____ C:\Windows\system32\perfh007.dat
2018-05-26 23:54 - 2015-07-16 23:40 - 000146058 _____ C:\Windows\system32\perfc007.dat
2018-05-26 23:54 - 2015-07-16 23:30 - 000429396 _____ C:\Windows\system32\perfh006.dat
2018-05-26 23:54 - 2015-07-16 23:30 - 000071776 _____ C:\Windows\system32\perfc006.dat
2018-05-26 23:54 - 2015-07-16 02:35 - 000436050 _____ C:\Windows\system32\prfh0804.dat
2018-05-26 23:54 - 2015-07-16 02:35 - 000130454 _____ C:\Windows\system32\prfc0804.dat
2018-05-26 23:54 - 2015-07-16 02:18 - 000699408 _____ C:\Windows\system32\perfh01F.dat
2018-05-26 23:54 - 2015-07-16 02:18 - 000140910 _____ C:\Windows\system32\perfc01F.dat
2018-05-26 23:54 - 2015-07-16 02:09 - 000762324 _____ C:\Windows\system32\perfh019.dat
2018-05-26 23:54 - 2015-07-16 02:09 - 000147794 _____ C:\Windows\system32\perfc019.dat
2018-05-26 23:54 - 2015-07-16 02:00 - 000770132 _____ C:\Windows\system32\prfh0816.dat
2018-05-26 23:54 - 2015-07-16 02:00 - 000148548 _____ C:\Windows\system32\prfc0816.dat
2018-05-26 23:54 - 2015-07-16 01:51 - 000754374 _____ C:\Windows\system32\prfh0416.dat
2018-05-26 23:54 - 2015-07-16 01:51 - 000145364 _____ C:\Windows\system32\prfc0416.dat
2018-05-26 23:54 - 2015-07-16 01:42 - 000782818 _____ C:\Windows\system32\perfh00C.dat
2018-05-26 23:54 - 2015-07-16 01:42 - 000146138 _____ C:\Windows\system32\perfc00C.dat
2018-05-26 23:54 - 2015-07-16 01:33 - 000779312 _____ C:\Windows\system32\perfh00A.dat
2018-05-26 23:54 - 2015-07-16 01:33 - 000151606 _____ C:\Windows\system32\perfc00A.dat
2018-05-26 23:54 - 2015-07-16 01:24 - 000395414 _____ C:\Windows\system32\perfh001.dat
2018-05-26 23:54 - 2015-07-16 01:24 - 000056464 _____ C:\Windows\system32\perfc001.dat
2018-05-26 23:54 - 2015-07-10 04:02 - 000000000 ____D C:\Windows\INF
2018-05-26 11:48 - 2017-09-29 08:18 - 000000000 ___HD C:\$WINDOWS.~BT
2018-05-26 11:47 - 2015-07-16 02:50 - 000000000 ____D C:\Windows\Panther

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-03 05:50

==================== End of FRST.txt ============================

Additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Panda (23-06-2018 09:38:40)
Running from C:\Users\Panda\Downloads
Windows 10 Pro 10240.16389 (X64) (2018-05-04 01:23:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-986361752-4009122850-50874618-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-986361752-4009122850-50874618-503 - Limited - Disabled)
Guest (S-1-5-21-986361752-4009122850-50874618-501 - Limited - Disabled)
Panda (S-1-5-21-986361752-4009122850-50874618-1001 - Administrator - Enabled) => C:\Users\Panda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Microsoft OneDrive (HKU\S-1-5-21-986361752-4009122850-50874618-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{5009B7EE-8A15-4A23-B404-15E31D02DA67}) (Version: 2.43.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20A97314-4E3C-43D0-897F-C7F1FDD4AE4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {6FA8DF9F-62FF-4B00-A168-332B8DE7333B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-13] (Google Inc.)
Task: {B7EC55D9-B551-41E7-9FE8-616094D04FA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-07-10 04:00 - 2015-07-10 04:00 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-16 03:03 - 2015-07-16 03:03 - 000403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-10 04:00 - 2015-07-10 04:00 - 002498296 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 04:00 - 2015-07-10 06:15 - 006579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 04:00 - 2015-07-10 06:15 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 04:00 - 2015-07-10 06:15 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 04:04 - 2015-07-10 04:02 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-986361752-4009122850-50874618-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-986361752-4009122850-50874618-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{41878D65-2167-4D27-A2BB-D9B929B3B588}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AA1C7FCC-285D-4303-9C8E-E4AB7A1F40FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A774613-9F21-4FB2-A68D-00605C3539CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{0A01F3B7-0A60-4CF7-8303-112FF7E15498}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FF07FDD-F30E-4245-8CC4-382A2C8FFECA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{985760FC-D399-4DA8-B7FB-7DF9CC55EFC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64D71815-4563-4682-BFB2-FF0834DDA072}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{76372FAB-AC41-4998-BC50-69A38DC573FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3D154315-3CE1-4AE7-A2F2-FEC49685A970}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1933A113-7DFD-49E1-81E0-FF1EBE8A2043}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7BEEB283-B28C-4799-B0C2-263ED8E694CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-05-2018 11:53:22 Windows Modules Installer
14-05-2018 21:34:06 Windows Modules Installer
27-05-2018 00:05:26 Windows Update
30-05-2018 21:24:21 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2018 09:18:32 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=bd3762d7-270d-4760-8fb3-d829ca45278a;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/23/2018 09:18:31 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=bd3762d7-270d-4760-8fb3-d829ca45278a

Error: (06/23/2018 09:18:31 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (06/23/2018 09:15:47 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=bd3762d7-270d-4760-8fb3-d829ca45278a;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/23/2018 09:15:47 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=bd3762d7-270d-4760-8fb3-d829ca45278a

Error: (06/23/2018 09:15:47 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (06/09/2018 08:35:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FD836MB)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/09/2018 08:28:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FD836MB)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/23/2018 09:13:51 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (06/23/2018 09:13:40 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (06/23/2018 09:14:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:57:33 AM on ‎6/‎8/‎2018 was unexpected.

Error: (06/09/2018 08:55:12 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/09/2018 08:55:08 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/09/2018 08:55:02 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/09/2018 08:54:50 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/09/2018 08:54:34 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Windows Defender:
===================================
Date: 2018-06-08 07:39:57.698
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1619040C-6648-4EF3-8D7E-3120232DF14F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-06 22:07:46.929
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {169DD700-449E-42AE-B398-68C78B68AEFC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-05 21:19:06.653
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {96633E39-F2B7-4269-8D3B-9FD006EC75AE}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 22:26:07.254
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {69C2F9DF-EA07-47C4-AE04-D2064D916A09}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-03 06:51:16.816
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {078E41DE-56F6-4CC6-8526-1F145CD33194}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-27 00:05:22.202
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.141.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-06-09 08:27:41.653
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-09 08:27:37.487
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-04 21:26:52.029
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-04 21:26:51.845
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-03 04:37:49.190
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-03 04:37:48.774
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-28 08:44:58.694
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-28 08:44:58.523
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 8139.28 MB
Available physical RAM: 4803.6 MB
Total Virtual: 9419.28 MB
Available Virtual: 6003.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:887.55 GB) NTFS

\\?\Volume{cddd924f-bebc-4a53-9733-d7ef5882b71a}\ (Windows RE tools) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1A3085F6)

Partition: GPT.

==================== End of Addition.txt ============================

Thank you for your time and assistance,
Max
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm
Advertisement
Register to Remove

Re: Extremely slow performance

Unread postby pgmigg » June 23rd, 2018, 2:04 pm

Hello maximusdowns,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Extremely slow performance

Unread postby pgmigg » June 23rd, 2018, 2:42 pm

Hello maximusdowns,

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on the your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me is this computer used for business purposes and connected to a business and/or educational network?
I need to know it - so I can provide the proper instructions.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Contents of a log created by codecheck.txt
  5. Answer to my question related to type of using of your computer

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Extremely slow performance

Unread postby pgmigg » June 29th, 2018, 11:34 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the 'Infected? Virus, malware, adware, ransomware, oh my!' forum, include a fresh FRST log, and wait for a new helper.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 116 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware