
I think I have a tricky infection

  • 20-03-2016 4:46pm
    #1
    Registered Users, Registered Users 2 Posts: 102 ✭✭


    Hi,

    I clicked on a "CV" link on an email - someone was looking for an internship - turns out it was from a Russian address and required some steps in order to show the word document.

    My system has really slowed down and I have tried all sorts of scans - Panda - Kaspersky etc in safe mode to no avail.

    CPU and memory use is high and I feel there are background programmes running that I can't see in task manager.

    AudioEndPointBuilder is taking a heck of a lot of memory through svchost.

    Can you help?

    Cheers,
    WS


Comments

  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112




  • Registered Users, Registered Users 2 Posts: 102 ✭✭WildSaffron


    DDS LOG

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.18015
    Run by User at 16:49:26 on 2016-03-26
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Windows\system32\CISVC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskmgr.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
    C:\Windows\System32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mSearch Bar = hxxps://www.google.com/?trackid=sp-006
    mWinlogon: Userinit = userinit.exe,
    BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
    BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
    TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [Panda Security URL Filtering] "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
    mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    dRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    mPolicies-System: MaxGPOScriptWait = dword:600
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/201
    IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/203
    IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/204
    IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll/202
    IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0BA02D7C-5144-48CA-A95E-FA125A3315E0} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0BA02D7C-5144-48CA-A95E-FA125A3315E0}\4786560224F4F4B4D41425B4564702361666560223E24374 : DHCPNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{0BA02D7C-5144-48CA-A95E-FA125A3315E0}\65F6461666F6E656D4F62696C65675966496D2831343138383 : DHCPNameServer = 192.168.0.1 192.168.0.1
    TCP: Interfaces\{0BA02D7C-5144-48CA-A95E-FA125A3315E0}\67F6461666F6E656D273345363 : DHCPNameServer = 192.168.1.1 0.0.0.0
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 16\sys\MmInternetExplorerActiveSetup.vbs
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll
    x64-TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\29jsluy2.default-1459009050349\
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? dbupdate;Dropbox Update Service (dbupdate)
    R? dbupdatem;Dropbox Update Service (dbupdatem)
    R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    R? epp64;epp64
    R? EsgScanner;EsgScanner
    R? HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service
    R? IEEtwCollectorService;Internet Explorer ETW Collector Service
    R? InstallerService;Service Installer TrueKey
    R? LiveUpdateSvc;LiveUpdate
    R? MBAMProtector;MBAMProtector
    R? MBAMScheduler;MBAMScheduler
    R? MBAMService;MBAMService
    R? MBAMWebAccessControl;MBAMWebAccessControl
    R? McComponentHostService;McAfee Security Scan Component Host Service
    R? panda_url_filtering;panda_url_filtering Service
    R? panda_url_filteringd;panda_url_filteringd driver
    R? SkypeUpdate;Skype Updater
    R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
    R? TsUsbFlt;TsUsbFlt
    R? TsUsbGD;Remote Desktop Generic USB Device
    R? WatAdminSvc;Windows Activation Technologies Service
    S? 5U876UVC;HP Webcam [2 MP series]
    S? AdobeUpdateService;AdobeUpdateService
    S? AGSService;Adobe Genuine Software Integrity Service
    S? AMD External Events Utility;AMD External Events Utility
    S? c2cautoupdatesvc;Skype Click to Call Updater
    S? c2cpnrsvc;Skype Click to Call PNR Service
    S? hpsrv;HP Service
    S? HWiNFO32;HWiNFO32/64 Kernel Driver
    S? NanoServiceMain;Panda Protection Service
    S? NNSALPC;NNSALPC
    S? NNSHTTP;NNSHTTP
    S? NNSHTTPS;NNSHTTPS
    S? NNSIDS;NNSIDS
    S? NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver
    S? NNSPICC;NNSPICC
    S? NNSPIHSW;NNSPIHSW
    S? NNSPOP3;NNSPOP3
    S? NNSPROT;NNSPROT
    S? NNSPRV;NNSPRV
    S? NNSSMTP;NNSSMTP
    S? NNSSTRM;NNSSTRM
    S? NNSTLSC;NNSTLSC
    S? PandaAgent;Panda Devices Agent
    S? PSINAflt;PSINAflt
    S? PSINFile;PSINFile
    S? PSINKNC;PSINKNC
    S? PSINProc;PSINProc
    S? PSINProt;PSINProt
    S? PSINReg;PSINReg
    S? PSKMAD;PSKMAD
    S? PSUAService;Panda Product Service
    S? RawDisk3;RawDisk3
    S? SmartDefragDriver;SmartDefragDriver
    S? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
    .
    =============== Created Last 30 ================
    .
    2016-03-26 16:18:26 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D6D01A4-C789-4310-9975-BAE0B1EE47E0}\offreg.6900.dll
    2016-03-26 16:15:26 -------- d-----w- C:\ProgramData\McAfee Security Scan
    2016-03-26 16:15:21 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2016-03-26 16:15:02 -------- d-----w- C:\Program Files\TrueKey
    2016-03-26 14:01:06 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D6D01A4-C789-4310-9975-BAE0B1EE47E0}\offreg.1544.dll
    2016-03-24 17:31:53 5306560 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2016-03-22 21:03:52 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D6D01A4-C789-4310-9975-BAE0B1EE47E0}\offreg.2856.dll
    2016-03-21 17:08:58 -------- d-----w- C:\Users\User\AppData\Local\LiveChat,_Inc
    2016-03-21 16:15:06 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D6D01A4-C789-4310-9975-BAE0B1EE47E0}\offreg.4016.dll
    2016-03-20 19:08:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D6D01A4-C789-4310-9975-BAE0B1EE47E0}\offreg.4448.dll
    2016-03-20 16:25:04 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D6D01A4-C789-4310-9975-BAE0B1EE47E0}\offreg.4812.dll
    2016-03-20 16:22:06 -------- d-----w- C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
    2016-03-20 15:33:51 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D6D01A4-C789-4310-9975-BAE0B1EE47E0}\offreg.3900.dll
    2016-03-20 15:22:17 -------- d-----w- C:\Users\User\AppData\Local\NovaMind
    2016-03-20 15:20:58 -------- d-----w- C:\Program Files (x86)\NovaMind Software
    2016-03-19 14:59:09 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D6D01A4-C789-4310-9975-BAE0B1EE47E0}\offreg.3060.dll
    2016-03-19 14:47:45 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
    2016-03-19 08:03:54 11249080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D6D01A4-C789-4310-9975-BAE0B1EE47E0}\mpengine.dll
    2016-03-12 11:29:33 96600 ----a-w- C:\Windows\System32\bcmwlcoi.dll
    2016-03-12 11:29:33 7789304 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
    2016-03-12 11:29:32 4401152 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
    2016-03-12 11:29:32 3667968 ----a-w- C:\Windows\System32\bcmihvui64.dll
    2016-03-12 11:28:04 -------- d-----w- C:\Program Files\Realtek
    2016-03-12 11:25:22 44544 ----a-w- C:\Windows\System32\5U876.ax
    2016-03-12 11:25:22 144768 ----a-w- C:\Windows\System32\drivers\5U876.sys
    2016-03-12 11:25:22 123392 ----a-w- C:\Windows\System32\5U876.dll
    2016-03-12 11:25:21 35328 ----a-w- C:\Windows\SysWow64\5U876.ax
    2016-03-12 11:23:46 496128 ----a-w- C:\Windows\System32\yk62x64.dll
    2016-03-12 11:23:46 395264 ----a-w- C:\Windows\System32\drivers\yk62x64.sys
    2016-03-12 11:23:10 31040 ----a-w- C:\Windows\System32\hpservice.exe
    2016-03-12 11:23:09 21312 ----a-w- C:\Windows\System32\accelerometerdll.DLL
    2016-03-12 11:23:09 18240 ----a-w- C:\Windows\System32\HPMDPCoInst12.dll
    2016-03-12 11:23:08 43840 ----a-w- C:\Windows\System32\drivers\Accelerometer.sys
    2016-03-11 17:21:17 -------- d-----w- C:\Program Files (x86)\Canon
    2016-03-11 17:20:56 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
    2016-03-11 17:20:53 103424 ----a-w- C:\Windows\SysWow64\CNC_B5U.dll
    2016-03-11 17:20:52 320000 ----a-w- C:\Windows\SysWow64\CNC_B5L.dll
    2016-03-11 17:17:29 -------- d-----w- C:\ProgramData\SetupTemp
    2016-03-11 14:32:06 128288 ----a-w- C:\Windows\SysWow64\IObitSmartDefragExtension.dll
    2016-03-11 14:32:05 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
    2016-03-07 23:15:32 -------- d-----w- C:\Program Files (x86)\pandasecuritytb
    2016-03-07 23:15:14 61712 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
    2016-03-07 22:55:22 -------- d-----w- C:\Program Files\Panda Security URL Filtering
    2016-03-07 22:55:02 -------- d-----w- C:\Users\User\AppData\Roaming\Search The Web
    2016-03-07 20:04:25 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDB5.DLL
    2016-03-07 20:04:25 100352 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPB5.DLL
    2016-03-07 20:04:03 363520 ----a-w- C:\Windows\System32\CNC_B5L.dll
    2016-03-07 20:04:03 287744 ----a-w- C:\Windows\System32\CNC_B5C.dll
    2016-03-07 20:04:03 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
    2016-03-07 20:04:03 106496 ----a-w- C:\Windows\System32\CNC_B5I.dll
    2016-03-07 20:03:19 389120 ----a-w- C:\Windows\System32\CNMLMB5.DLL
    2016-03-07 15:35:06 -------- d-----w- C:\Program Files (x86)\WinDirStat
    2016-03-07 14:23:43 -------- d-----w- C:\Program Files (x86)\Dropbox
    2016-03-07 14:23:33 -------- d-----w- C:\Users\User\AppData\Local\Dropbox
    2016-03-07 14:23:33 -------- d-----w- C:\ProgramData\Dropbox
    2016-03-07 07:25:45 -------- d-----w- C:\searchplugins
    2016-03-07 07:25:45 -------- d-----w- C:\extensions
    2016-03-01 19:14:08 -------- d-----w- C:\Program Files (x86)\Watchtower
    2016-02-29 11:51:33 -------- d--h--w- C:\Users\User\AppData\Local\Mindjet
    2016-02-29 11:24:29 -------- d-----w- C:\ProgramData\Mindjet
    2016-02-29 11:24:14 -------- d-----w- C:\Program Files (x86)\Mindjet
    2016-02-29 11:20:42 -------- d--h--w- C:\Users\User\AppData\Local\regid.1991-06.com.microsoft
    2016-02-29 11:20:41 -------- d-----w- C:\Program Files\SharePoint Client Components
    2016-02-29 11:19:30 -------- d--h--w- C:\Users\User\AppData\Local\Downloaded Installations
    2016-02-25 20:13:30 -------- d-----w- C:\FRST
    .
    ==================== Find3M ====================
    .
    2016-03-26 13:37:53 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2016-03-24 17:32:23 797376 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2016-03-24 17:32:23 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-03-12 11:23:09 31040 ----a-w- C:\Windows\System32\drivers\hpdskflt.sys
    2016-03-10 14:09:06 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2016-03-10 14:08:58 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2016-03-10 14:08:54 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2016-02-25 11:26:07 53464 ----a-w- C:\Windows\System32\drivers\farflt.sys
    2016-02-24 07:01:32 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
    2016-02-23 21:50:50 144656 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
    2016-02-17 15:39:05 177424 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
    2016-02-17 15:39:02 264976 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
    2016-02-16 22:27:14 114960 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
    2016-02-16 22:26:43 131344 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
    2016-02-16 22:26:29 127248 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
    2016-02-16 22:26:14 171792 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
    2016-02-16 22:25:59 205072 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
    2016-01-28 18:23:50 33704 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
    .
    ============= FINISH: 16:55:28.90 ===============


    ATTACH LOG

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/11/2014 21:34:31
    System Uptime: 26/03/2016 13:36:47 (3 hours ago)
    .
    Motherboard: Hewlett-Packard | | 7011
    Processor: AMD Turion(tm) II Dual-Core Mobile M520 | Unknown | 2300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 109.255 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP144: 16/03/2016 03:42:48 - Windows Update
    RP145: 19/03/2016 08:01:31 - Windows Update
    RP146: 20/03/2016 15:17:58 - NovaMind
    RP147: 21/03/2016 17:06:33 - Installed LiveChat
    RP148: 26/03/2016 13:45:33 - Removed LiveChat
    .
    ==== Installed Programs ======================
    .
    7-Zip 15.05 beta x64
    Adobe Acrobat Reader DC
    Adobe Creative Cloud
    Adobe Flash Player 21 ActiveX
    Adobe Flash Player 21 NPAPI
    Adobe Help Manager
    Adobe Refresh Manager
    Calendar Sync Pro
    Canon IJ Scan Utility
    Canon MP230 series MP Drivers
    CCleaner
    ClipGrab 3.5.1
    Dropbox
    Dropbox Update Helper
    Google Chrome
    Google Update Helper
    HP Support Solutions Framework
    IObit Uninstaller
    KeePass Password Safe 1.28
    Malwarebytes Anti-Malware version 2.2.1.1043
    McAfee Security Scan Plus
    Microsoft .NET Framework 4.5.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Mindjet MindManager 2016
    Mozilla Firefox 45.0.1 (x86 en-US)
    Mozilla Maintenance Service
    NovaMind
    Panda Antivirus Pro 2016
    Panda Devices Agent
    Panda Security Toolbar
    Realtek HDMI Audio Driver for ATI
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
    Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
    Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
    Security Update for Microsoft .NET Framework 4.5.1 (KB3074230)
    Security Update for Microsoft .NET Framework 4.5.1 (KB3074550)
    Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB3054888) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB3054987) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition
    Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2986254) 32-Bit Edition
    Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3054993) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB3085543) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB3055051) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB3055052) 32-Bit Edition
    SharePoint Client Components
    Skype Click to Call
    Skype™ 7.18
    Smart Defrag 4
    Surfing Protection
    Sweet Home 3D version 4.6
    TweetDeck
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3085547) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Watchtower Library 2015 - English
    WinDirStat 1.1.2
    WinHTTrack Website Copier 3.48-21 (x64)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/03/2016 16:42:39, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    26/03/2016 16:42:39, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    26/03/2016 16:40:39, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 16:40:39, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 16:18:00, Error: Service Control Manager [7034] - The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).
    26/03/2016 16:17:47, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
    26/03/2016 16:17:34, Error: Service Control Manager [7034] - The Service Installer TrueKey service terminated unexpectedly. It has done this 1 time(s).
    26/03/2016 16:07:23, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
    26/03/2016 16:07:15, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 15:06:11, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
    26/03/2016 15:05:57, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    26/03/2016 15:05:47, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.
    26/03/2016 15:05:17, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    26/03/2016 15:05:11, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    26/03/2016 15:02:55, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    26/03/2016 15:02:33, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 15:02:33, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 15:02:33, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 15:02:33, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 15:02:33, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    26/03/2016 15:02:33, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    26/03/2016 15:02:33, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    26/03/2016 14:00:26, Error: Service Control Manager [7034] - The Advanced SystemCare Service 8 service terminated unexpectedly. It has done this 1 time(s).
    26/03/2016 13:38:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    26/03/2016 13:38:25, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    26/03/2016 13:38:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    26/03/2016 13:37:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epp64
    26/03/2016 13:37:17, Error: Service Control Manager [7000] - The panda_url_filtering Service service failed to start due to the following error: The system cannot find the file specified.
    26/03/2016 12:36:53, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    26/03/2016 06:52:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CISVC service.
    25/03/2016 18:45:57, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    25/03/2016 11:13:36, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
    25/03/2016 11:12:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    24/03/2016 06:14:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dropbox Update Service (dbupdate) service to connect.
    24/03/2016 06:14:46, Error: Service Control Manager [7000] - The Dropbox Update Service (dbupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/03/2016 21:12:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
    22/03/2016 20:47:45, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    22/03/2016 13:11:44, Error: Service Control Manager [7022] - The HP Support Solutions Framework Service service hung on starting.
    .
    ==== End Of File ===========================


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Looks fine, but you need to get rid of Panda or Kaspersky; having both will slow your PC down loads.

