
Windows Performance Issues



#1 sjensen1

sjensen1


Posted 14 December 2017 - 01:00 PM

This is sort of a new post; my other post was moved to the wrong forum only because viruses were mentioned. My computer is not infected with any virus or malware. I'm experiencing a sudden drop in system performance that I have been trying to diagnose. Louis requested some information about my system, here it is:

 

Thank you Louis, here's the information you asked for:

 

Speccy:  http://speccy.piriform.com/results/0TrrfWKYsKnv0pbxqV4BHqK

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Susan (administrator) on 12-12-2017 at 09:57:51
Running from "C:\Users\Susan\Documents\System Maintenance Tools\MiniToolBox"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.

Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/09/2017 09:44:49 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 47.0.1.6018 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 185c
Start Time: 01d3714b074397f1
Termination Time: 0
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id:

Error: (12/07/2017 07:44:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.  This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {91319411-6cc7-49b3-9056-6e2e3e52ed72}

Error: (12/07/2017 07:28:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/07/2017 03:14:18 PM) (Source: Application Hang) (User: )
Description: The program uotrace.exe version 1.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: fc0
Start Time: 01d36f9f145a6e97
Termination Time: 7
Application Path: C:\Users\Susan\Desktop\uotrace.exe
Report Id: 9470b72d-db93-11e7-aaf8-fcaa14e272f9

Error: (11/29/2017 12:14:57 PM) (Source: Application Hang) (User: )
Description: The program 7DaysToDie.exe version 5.3.6.19923 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1680
Start Time: 01d3693dd7e39a56
Termination Time: 10
Application Path: E:\7_Days_to_Die_Launcher_and_Mods\Ravenhearst\21_Day_Horde_Edition\7DaysToDie.exe
Report Id: 30736830-d531-11e7-b4b1-fcaa14e272f9

Error: (11/25/2017 05:56:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: Origin.exe, version: 10.5.6.6235, time stamp: 0x59fbca6a
Faulting module name: ucrtbase.DLL, version: 10.0.10586.1171, time stamp: 0x59ae5046
Exception code: 0x40000015
Fault offset: 0x000846fa
Faulting process id: 0x1614
Faulting application start time: 0xOrigin.exe0
Faulting application path: Origin.exe1
Faulting module path: Origin.exe2
Report Id: Origin.exe3

Error: (11/25/2017 01:22:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: Procmon64.exe, version: 3.40.0.0, time stamp: 0x59b5a666
Faulting module name: Procmon64.exe, version: 3.40.0.0, time stamp: 0x59b5a666
Exception code: 0xc0000005
Fault offset: 0x0000000000012474
Faulting process id: 0x21a0
Faulting application start time: 0xProcmon64.exe0
Faulting application path: Procmon64.exe1
Faulting module path: Procmon64.exe2
Report Id: Procmon64.exe3

Error: (11/20/2017 09:41:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: TS4_x64.exe, version: 1.36.104.1020, time stamp: 0x59eff650
Faulting module name: Simulation_x64.dll, version: 1.200.0.311, time stamp: 0x59eff5ca
Exception code: 0xc0000005
Fault offset: 0x00000000004568ba
Faulting process id: 0x1fcc
Faulting application start time: 0xTS4_x64.exe0
Faulting application path: TS4_x64.exe1
Faulting module path: TS4_x64.exe2
Report Id: TS4_x64.exe3

Error: (11/16/2017 05:40:01 PM) (Source: Application Hang) (User: )
Description: The program eso64.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 136c
Start Time: 01d35f340eafa088
Termination Time: 0
Application Path: E:\Elder Scrolls Online\The Elder Scrolls Online\game\client\eso64.exe
Report Id: 74fcc3f9-cb27-11e7-8b73-fcaa14e272f9

Error: (11/16/2017 05:34:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 0.0.0.0, time stamp: 0x59f7dbfb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7355e4e4
Faulting process id: 0x197c
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3


System errors:
=============
Error: (12/07/2017 07:52:53 PM) (Source: Service Control Manager) (User: )
Description: The NPEService service failed to start due to the following error:  %%2 = The system cannot find the file specified.

Error: (12/07/2017 07:17:06 PM) (Source: Service Control Manager) (User: )
Description: The NPEService service failed to start due to the following error:  %%2 = The system cannot find the file specified.

Error: (12/05/2017 01:36:49 PM) (Source: Service Control Manager) (User: )
Description: The NPEService service failed to start due to the following error:  %%5 = Access is denied.

Error: (12/05/2017 01:27:37 PM) (Source: Service Control Manager) (User: )
Description: The NPEService service failed to start due to the following error:   %%5 = Access is denied.

Error: (12/04/2017 04:44:52 PM) (Source: Service Control Manager) (User: )
Description: The Origin Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/01/2017 10:58:49 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:  %%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (12/01/2017 10:58:49 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/01/2017 10:27:26 AM) (Source: Service Control Manager) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (12/01/2017 10:27:26 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (12/01/2017 10:26:55 AM) (Source: Service Control Manager) (User: )
Description: The NPEService service failed to start due to the following error: %%5 = Access is denied.


Microsoft Office Sessions:
=========================
Error: (12/09/2017 09:44:49 PM) (Source: Application Hang)(User: )
Description: firefox.exe47.0.1.6018185c01d3714b074397f10C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (12/07/2017 07:44:45 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {91319411-6cc7-49b3-9056-6e2e3e52ed72}

Error: (12/07/2017 07:28:53 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type= "win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (12/07/2017 03:14:18 PM) (Source: Application Hang)(User: )
Description: uotrace.exe1.0.1.0fc001d36f9f145a6e977C:\Users\Susan\Desktop\uotrace.exe9470b72d-db93-11e7-aaf8-fcaa14e272f9

Error: (11/29/2017 12:14:57 PM) (Source: Application Hang)(User: )
Description: 7DaysToDie.exe5.3.6.19923168001d3693dd7e39a5610E:\7_Days_to_Die_Launcher_and_Mods\Ravenhearst\21_Day_Horde_Edition\7DaysToDie.exe30736830-d531-11e7-b4b1-fcaa14e272f9

Error: (11/25/2017 05:56:45 AM) (Source: Application Error)(User: )
Description: Origin.exe10.5.6.623559fbca6aucrtbase.DLL10.0.10586.117159ae504640000015000846fa161401d3645e92200  4e6C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\ucrtbase.DLLb4e33fe8-d1d7-11e7-b329-fcaa14e272f9

Error: (11/25/2017 01:22:19 AM) (Source: Application Error)(User: )
Description: Procmon64.exe3.40.0.059b5a666Procmon64.exe3.40.0.059b5a666c0000005000000000001247421a001d365a80d 1dcb80C:\Users\Susan\AppData\Local\Temp\Procmon64.exeC:\Users\Susan\AppData\Local\Temp\Procmon64.exe5e605381-d1b1-11e7-b329-fcaa14e272f9

Error: (11/20/2017 09:41:11 PM) (Source: Application Error)(User: )
Description: TS4_x64.exe1.36.104.102059eff650Simulation_x64.dll1.200.0.31159eff5cac000000500000000004568ba1fcc01d 362795fc42714C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exeC:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\Simulation_x64.dlld0e2e33f-ce6d-11e7-b329-fcaa14e272f9

Error: (11/16/2017 05:40:01 PM) (Source: Application Hang)(User: )
Description: eso64.exe1.0.0.1136c01d35f340eafa0880E:\Elder Scrolls Online\The Elder Scrolls Online\game\client\eso64.exe74fcc3f9-cb27-11e7-8b73-fcaa14e272f9

Error: (11/16/2017 05:34:43 PM) (Source: Application Error)(User: )
Description: Steam.exe0.0.0.059f7dbfbunknown0.0.0.000000000c00000057355e4e4197c01d35d6cce95fc84E:\Steam Game Library\Steam\Steam.exeunknownb8656487-cb26-11e7-b34b-fcaa14e272f9


=========================== Installed Programs ============================
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7 Days to Die Dedicated Server (HKLM\...\Steam App 294420) (Version:  - )
7 Days To Die Server Manager V2 (HKLM-x32\...\{1B920B49-E20D-403F-B3B5-96FCA605DA61}_is1) (Version: 1.0.6.7 - FrontRunnerTek)
7D2D Launcher (HKCU\...\0fa300cea2469b2c) (Version: 1.0.4.5 - SphereII Software)
7D2DRAT (HKLM-x32\...\{5B5C1B88-4282-4B26-A66C-B5677A0D6A0E}) (Version: 0.1.110 - NomadSoft)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alan Wake (HKLM\...\Steam App 108710) (Version:  - Remedy Entertainment)
Alan Wake's American Nightmare (HKLM\...\Steam App 202750) (Version:  - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.2.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Defrag (HKLM-x32\...\{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1) (Version: 8.2.0.0 - Auslogics Labs Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.14.1 - Bethesda Softworks)
Brother HL-2170W (HKLM-x32\...\{44733985-CEA4-4C47-8273-36F6F827D058}) (Version: 1.00 - Brother)
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.60 - Logitech) Hidden
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.5.0 - PcWinTech.com)
Corsair Gaming Headset Software (HKLM-x32\...\{88ADDCAA-6591-4D41-A7F1-2F38B7B049BB}) (Version: 2.0.37 - Corsair)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKCU\...\Discord) (Version: 0.0.299 - Discord Inc.)
Disney Infinity 3.0: Play Without Limits (HKLM-x32\...\Steam App 361640) (Version:  - Avalanche)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Empyrion - Galactic Survival (HKLM\...\Steam App 383120) (Version:  - Eleon Game Studios)
EVE Online (HKCU\...\{6495c2e1-8877-4f81-83c4-7f8fa28448b0}) (Version: 1.0.0 - CCP)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
GameVox 0.21.2.81 (HKLM-x32\...\{383C7B93-314C-45DC-AB87-C73A92A06938}) (Version: 0.21.2.81 - GameVox LLC) Hidden
GameVox 0.21.2.81 (HKLM-x32\...\{48c38031-d415-42c0-b2ca-104671a665e2}) (Version: 0.21.2.81 - GameVox LLC)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Infestation: The New Z (HKLM\...\Steam App 555570) (Version:  - Fredaikis AB)
InfestationWorld (HKLM-x32\...\{07651D6B-514A-4CC1-B897-7C17709BBDB6}_is1) (Version: 1.0.1 - Electronics Extreme Co., Ltd.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)

JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.62.0 - JMicron Technology Corp.)
KhalInstallWrapper (HKLM\...\{F3F18612-7B5D-4C05-86C9-AB50F6F71727}) (Version: 2.00.0000 - Logitech) Hidden
Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version:  - Bitbox Ltd.)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
LOOT version 0.10.3 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.10.3 - LOOT Team)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.10.3 - Marvell)
Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.281 - Electronic Arts)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minion (HKCU\...\{Minion}}_is1) (Version: 3.0 - Good Game Mods LLC)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.11.2.7 - Symantec Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
novaPDF 8 (HKLM\...\{A8626AD4-3A5A-4AC9-B630-2D4BDBBB1740}) (Version: 8.3.934 - Softland) Hidden
novaPDF 8 (HKLM-x32\...\{89a07955-98d1-4352-9aba-87a5205dd59f}) (Version: 8.3.934 - Softland)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{0A1F1D6B-9780-4316-9902-437E9449FC7C}) (Version: 8.3.934 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{6E283717-7B3F-4E26-9D0A-917933ACF199}) (Version: 8.3.934 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{1CC99933-93FC-40BA-A3DD-286FB87CBF2F}) (Version: 8.3.934 - Softland)
novaPDF 8 SDK COM (x64) (HKLM\...\{A8A71610-DE04-4C9E-AE89-60BCA8E20453}) (Version: 8.3.934 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{0FD5EC80-F729-442E-8745-F60315842D9B}) (Version: 8.3.934 - Softland)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.11002 - Electronic Arts, Inc.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.9.2-r111395-release - Plays.tv, LLC)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
Quake Champions (HKLM-x32\...\Quake Champions) (Version:  - Bethesda Softworks)
Quake III Arena (HKLM-x32\...\Quake III Arena) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
Savage Lands (HKLM\...\Steam App 307880) (Version:  - Signal Studios)
Sims 4 Studio (HKLM-x32\...\{870AA913-0774-4ED0-B144-BC2C0CBE4BA0}_is1) (Version: 3.1.0.4 - Sims 4 Studio)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
STAR WARS™ Battlefront™ Beta (HKLM-x32\...\{8A863B64-C9BE-4203-9ED7-92981CF690D3}) (Version: 1.0.4.9084 - Electronic Arts)
State of Decay: Year-One (HKLM-x32\...\Steam App 329430) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamWorld Dig (HKLM-x32\...\{F81E6BA3-5772-4435-B635-D71E90130052}) (Version: 1.10.0.0 - Image & Form)
SteelSeries Engine 3.3.6.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.6.1 - SteelSeries ApS)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syberia II (HKLM-x32\...\{BF1534B0-BE09-457E-A4CF-0EFC803125F2}) (Version: 1.0.0.16 - Microids)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.88438 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.36.104.1020 - Electronic Arts Inc.)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version:  - CD PROJEKT RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD PROJEKT RED)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Thief 2 (HKLM-x32\...\Steam App 211740) (Version:  - Looking Glass Studios)
Thief Gold (HKLM-x32\...\Steam App 211600) (Version:  - Looking Glass Studios)
Thief: Deadly Shadows (HKLM-x32\...\Steam App 6980) (Version:  - Ion Storm)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
UFO Online: Invasion (HKLM\...\Steam App 442810) (Version:  - Bad Pixel)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.3.5 - Unified Intents AB)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.17 - NCH Software)
WinRAR 5.21 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.2 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 307.2016.1230.2300 - Wrye & Wrye Bash Development Team)

========================= Memory info: ===================================
Percentage of memory in use: 16%
Total physical RAM: 16368.31 MB
Available physical RAM: 13658.13 MB
Total Virtual: 67566.49 MB
Available Virtual: 63223.87 MB

========================= Partitions: =====================================
1 Drive c: (Papa Bear) (Fixed) (Total:1862.92 GB) (Free:1549.85 GB) NTFS
3 Drive e: (Storage 2TB) (Fixed) (Total:1863.01 GB) (Free:750.47 GB) NTFS
4 Drive f: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:118.6 GB) NTFS

========================= Users: ========================================
User accounts for \\PAPABEAR

Administrator            Guest                    Susan                    


**** End of log ****


Edited by hamluis, 14 December 2017 - 04:36 PM.




#2 hamluis

hamluis

    Moderator



Posted 14 December 2017 - 03:31 PM

Closed topic in Am I Infected forum.  Reviewing data above.

 

Aside from possible corruption issues, the data posted does not send my thoughts into a particular pattern.

 

Louis

 

Note:  Your temps are reflected using Fahrenheit scale...the consensus in the computing world employs the Celsius scale.


Edited by hamluis, 14 December 2017 - 04:42 PM.


#3 dc3

dc3

    Bleeping Treehugger



Posted 15 December 2017 - 10:41 AM

Please run sfc /scannow.

The sfc /scannow command scans all protected system files and replaces corrupted and incorrect versions with correct Microsoft versions.

Important:  There will be a short message at the end of the scan informing you of the results.  If you receive the message "no integrity violations were found" you don't need to do anything else, no corrupt files were found.  You should watch the scan to see the results at the end of the scan.
 
1. Click on the Start orb, then type cmd in the Search box.

2. CMD will appear above the search box, right click on it and select Run as administrator.

3. When the Elevated Command Prompt opens, copy and paste the command below, then press Enter.

sfc /scannow

This will start the scan.  Please allow the scan to complete.  Stopping it could damage files.

4. To find the sfc /scannow log, open the Start menu and click on Computer.

5. Click on the drive letter Windows 7 is installed on.  This usually is the C: drive.

6. Click on Windows, then Logs, then CBS.

This log usually is very large, for this reason you should use a host website like Dropbox to post the log.  You can start a free 30 day trial.  Once you have loaded the log at Dropbox post a link to the website.



 


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
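An added example, not part of dc3's post: because the CBS log is large and mixes SFC results with other servicing entries, one way to review it is to keep only the lines tagged `[SR]` and summarise them. The sample lines and file names below are constructed, and the line layout the regex expects (timestamp, level, `CSI`, sequence number, `[SR]`) is an assumption about how CBS.log entries look.

```python
import re
import sys

# Constructed sample modelled on CBS.log entries; not taken from the thread.
SAMPLE_CBS_LOG = r"""2020-01-01 10:41:03, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2020-01-01 10:41:03, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-01-01 10:41:05, Info                  CBS    Session: 12345678_1234567890 initialized by client WindowsUpdateAgent.
2020-01-01 10:41:09, Info                  CSI    00000008 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, hash mismatch
2020-01-01 10:41:09, Info                  CSI    00000009 [SR] Verify complete
2020-01-01 10:41:10, Info                  CSI    0000000a [SR] Verifying 50 (0x0000000000000032) components
2020-01-01 10:41:10, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2020-01-01 10:41:12, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2020-01-01 10:41:13, Info                  CSI    0000000d [SR] Verify complete
"""

# Assumed layout: "<date> <time>, <level>   CSI   <8 hex digits> [SR] <message>"
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$'
)
VERIFYING = re.compile(r'^Verifying (\d+) ')
QUOTED = re.compile(r'"([^"]+)"')


def summarize_sfc(log_text):
    """Collect the SFC ([SR]) entries from CBS.log text into a small summary."""
    summary = {
        "sr_lines": 0,             # number of [SR] entries seen
        "components_verified": 0,  # sum of the "Verifying N components" batches
        "cannot_repair": [],       # (timestamp, file name) for unrepaired files
        "repaired": [],            # (timestamp, file name) for repaired files
    }
    for line in log_text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue  # not an SFC entry (other servicing activity)
        summary["sr_lines"] += 1
        msg = m["msg"]
        batch = VERIFYING.match(msg)
        if batch:
            summary["components_verified"] += int(batch.group(1))
        elif msg.startswith("Cannot repair member file"):
            names = QUOTED.findall(msg)
            # The first quoted token is the member file name.
            summary["cannot_repair"].append((m["ts"], names[0] if names else msg))
        elif msg.startswith("Repairing corrupted file"):
            names = QUOTED.findall(msg)
            # The last quoted token is the file name; earlier ones are the directory.
            summary["repaired"].append((m["ts"], names[-1] if names else msg))
    return summary


def verdict(summary):
    """Turn the summary into the one-line result a helper would ask about."""
    if summary["sr_lines"] == 0:
        return "no SFC entries in log"
    if summary["cannot_repair"]:
        return "corruption found, not all files repaired"
    if summary["repaired"]:
        return "corruption found and repaired"
    return "no integrity violations"


if __name__ == "__main__":
    # With a path argument, read that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS_LOG
    result = summarize_sfc(text)
    print(verdict(result))
    for ts, name in result["cannot_repair"]:
        print("NOT REPAIRED", ts, name)
    for ts, name in result["repaired"]:
        print("REPAIRED    ", ts, name)
```

The same filtering can be done at the elevated prompt with `findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log`, which yields a much smaller file to post.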

 

 

 

 


#4 sjensen1

sjensen1

Posted 16 December 2017 - 10:50 AM

I ran the sfc /scannow; no integrity violations were found. Do you still need to see the CBS log?



#5 dc3

dc3

    Bleeping Treehugger



Posted 16 December 2017 - 10:56 AM

If there were no integrity violations you don't need to post the log.

 

How did you determine that you have no infections?



#6 sjensen1

sjensen1

Posted 16 December 2017 - 11:04 AM

I have run multiple scans using various software. First I used Trend Micro's free online scanner, then I installed the complimentary McAfee version my ISP provides, then I uninstalled McAfee and installed a free trial of Norton Security, then went on to Malware Bytes ADWCleaner, HijackThis, and Windows Defender. Every scan I've run has come up negative on anything found. I kept going for "2nd opinions" but after this many negatives, I am very much inclined to say there's no infection.



#7 dc3


Posted 16 December 2017 - 11:18 AM

To truly determine if this computer is infected you need to run security scans other than an antivirus.  The reason that members of our Malware Removal Team run so many programs is because there is no single program which is going to find every possible infection.  This is why other programs need to be run, not another antivirus.

 

I have not seen any evidence of an infection, but there really haven't been any scans run other than an antivirus.  You should have allowed your topic to stay in the Am I Infected forum and have the needed scans run to determine if this computer is infected or not.  If you will agree to have this topic moved back to the Am I Infected forum I will post the needed scans with instruction to run them.

 

You should never run more than one antivirus.  If you have more than one antivirus running you need to uninstall all but one.

 

IMPORTANT NOTE: Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.



 

 

 

 


#8 sjensen1

  • Topic Starter

Posted 16 December 2017 - 11:25 AM

So I should assume that since no one has been direct in saying so, and that I'm being encouraged to continue to pursue the idea that there is an infection, the performance issue I'm having is not Windows related? If that be the case, then I will do as suggested and use different tools than AV software, and you can move this back to the other forum.



#9 hamluis

  • Moderator

Posted 16 December 2017 - 11:29 AM

Moved from Win 7 to Am I Infected.

 

Louis



#10 dc3


Posted 16 December 2017 - 11:37 AM

So I should assume that since no one has been direct in saying so, and that I'm being encouraged to continue to pursue the idea that there is an infection, the performance issue I'm having is not Windows related? If that be the case, then I will do as suggested and use different tools than AV software, and you can move this back to the other forum.

An infection can be responsible for a slow computer; if we run scans we will substantiate whether there is or isn't an infection.  If nothing else this is a means of weeding out possible causes for the slowness.  Since Louis has already moved this topic to the Am I Infected forum, again, why don't we run some scans?

 

Please run the scans in the order in which they are requested.  Post the logs in your topic, do not use a host website to post these logs unless specifically requested.  Please do not wrap your logs in quotes or code brackets or use spoilers.

 

 

Please download and run RKill

RKill attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.  RKill will not remove any of the processes it stops, you will need to run security scans to remove any malware found.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  

Please download RKill and install it.

When RKill is run it will display a console screen similar to the one below:

icHPxaT.png

After this has run you will see another image explaining that RKill has finished running and you should be able to run the scan.  You need to click/tap on OK.

2Q1rnlf.png

When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.

Attention: At this time you need to run your security applications listed below.  When the scan has finished running a log will be posted in Notepad.  Copy and paste this log in your topic.

Important: There is a possibility that malware may recognize RKill and keep it from running; if this is the case do the following.

While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:

1)  Rename Rkill so that it has a .com extension.

2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  

After the application has run successfully and you have run the requested scans you should reboot the computer to restore the processes and Windows Registry entries.


Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.

The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
3.  Click Start Scan and allow the scan process to run.

yEt9i3P.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.  If threats are found you will see a screen like the one below.

I4wmZOI.png
 
***Do NOT select Delete!

Click on Continue.
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (in most cases this is c: Drive) and paste it into your next reply.

Note:  The log may be very long.  You may need to break it into parts to post the whole log in your topic.



Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  

4YSU8ND.png

3)  Click on Settings, you will see an image like the one below.

35AFYEE.png

When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

jEVtTTK.png

6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

*Open Malwarebytes Anti-Malware.
*Click the Scan Tab at the top.
*Click the View detailed log link on the right.
*Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
*Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
*Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Please download AdwCleaner and install it.

When AdwCleaner opens click on Scan to start the scan.

ZQk62WV.png

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If no malicious programs are found you will receive a message informing you of this.
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  

CsqnoTW.png
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

 



 

 

 

 


#11 dc3


Posted 16 December 2017 - 11:45 AM

So I should assume that since no one has been direct in saying so, and that I'm being encouraged to continue to pursue the idea that there is an infection, the performance issue I'm having is not Windows related? If that be the case, then I will do as suggested and use different tools than AV software, and you can move this back to the other forum.

 

Louis has already moved this topic to the Am I Infected forum.  We need to determine if this is related to an infection, so let's run some scans.

 

You do not need to quote my posts.  This is a waste of bandwidth and time.

 

Please run the scans suggested below in the order that they are requested, this is a must for RKill.  Post the logs generated by these scans in your topic in the order they were run.  Please do not wrap your logs in quotes or code brackets or use spoilers.


Please download and run RKill

RKill attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.  RKill will not remove any of the processes it stops, you will need to run security scans to remove any malware found.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  

Please download RKill and install it.

When RKill is run it will display a console screen similar to the one below:

icHPxaT.png

After this has run you will see another image explaining that RKill has finished running and you should be able to run the scan.  You need to click/tap on OK.

2Q1rnlf.png

When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.

Attention: At this time you need to run your security applications listed below.  When the scan has finished running a log will be posted in Notepad.  Copy and paste this log in your topic.

Important: There is a possibility that malware may recognize RKill and keep it from running; if this is the case do the following.

While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:

1)  Rename Rkill so that it has a .com extension.

2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  

After the application has run successfully and you have run the requested scans you should reboot the computer to restore the processes and Windows Registry entries.


Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.

The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
3.  Click Start Scan and allow the scan process to run.

yEt9i3P.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.  If threats are found you will see a screen like the one below.

I4wmZOI.png
 
***Do NOT select Delete!

Click on Continue.
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (in most cases this is c: Drive) and paste it into your next reply.

Note:  The log may be very long.  You may need to break it into parts to post the whole log in your topic.



Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  

4YSU8ND.png

3)  Click on Settings, you will see an image like the one below.

35AFYEE.png

When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

jEVtTTK.png

6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

*Open Malwarebytes Anti-Malware.
*Click the Scan Tab at the top.
*Click the View detailed log link on the right.
*Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
*Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
*Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Please download AdwCleaner and install it.

When AdwCleaner opens click on Scan to start the scan.

ZQk62WV.png

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If no malicious programs are found you will receive a message informing you of this.
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  

CsqnoTW.png
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.



 

 

 

 




