Slow Dell laptop

[NigelD1]

Hello,

 

Advanced Setup recommended I post here. My laptop is 9 years old - only used occasionally and it may be that my PC is so much faster that I haven't realised the difference between them. Yesterday, I needed to use it but the wait between mouse click and action was so long it made me think I had some kind of system problem. Logs attached and help appreciated in advance thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016

Ran by NED (administrator) on NED-PC (05-03-2016 11:09:09)

Running from C:\Users\NED\Downloads

Loaded Profiles: NED (Available Profiles: NED & UpdatusUser)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-03-04] (AVAST Software)

HKU\S-1-5-21-1449621726-3636976640-3606060642-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-04] (AVAST Software)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{2611C395-6493-43D7-BAD9-CCBA9A55B0E5}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{D735158A-1050-4AAA-BC1A-8B01CD454D78}: [DhcpNameServer] 192.168.0.1

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-04] (AVAST Software)

BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-31] (LastPass)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-27] (Google Inc.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-16] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-04] (AVAST Software)

BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-31] (LastPass)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-27] (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-16] (Oracle Corporation)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-31] (LastPass)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-27] (Google Inc.)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-31] (LastPass)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-27] (Google Inc.)

 

FireFox:

========

FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-31] (LastPass)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-16] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-16] (Oracle Corporation)

FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-31] (LastPass)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-19] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-19] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-04]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-04]

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR DefaultSearchKeyword: Default -> lp

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()

CHR Profile: C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]

CHR Extension: (Google Drive) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]

CHR Extension: (YouTube) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]

CHR Extension: (Google Search) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]

CHR Extension: (Google Docs Offline) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]

CHR Extension: (Avast Online Security) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-16]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-01-19]

CHR Extension: (Chrome Web Store Payments) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-03]

CHR Extension: (Gmail) - C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-07]

CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-04]

CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-04] (AVAST Software)

S4 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-09-11] (SurfRight B.V.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\psia.exe [1228504 2013-10-14] (Secunia)

S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)

S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)

S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-04] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-04] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-04] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-04] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-04] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-04] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-04] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-04] (AVAST Software)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-09-11] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-05] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

R3 OEM04Vfx; C:\Windows\System32\DRIVERS\OEM04Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)

R3 OEM04Vid; C:\Windows\System32\DRIVERS\OEM04Vid.sys [265792 2007-10-10] (Creative Technology Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-05 11:09 - 2016-03-05 11:09 - 00013064 _____ C:\Users\NED\Downloads\FRST.txt

2016-03-05 11:08 - 2016-03-05 11:09 - 00000000 ____D C:\FRST

2016-03-05 11:06 - 2016-03-05 11:06 - 02374144 _____ (Farbar) C:\Users\NED\Downloads\FRST64.exe

2016-03-04 11:51 - 2016-03-04 11:51 - 00007627 _____ C:\Users\NED\AppData\Local\Resmon.ResmonCfg

2016-03-04 11:43 - 2016-03-04 11:43 - 00000000 ____D C:\Windows\pss

2016-03-04 11:11 - 2016-03-04 11:11 - 00003304 ____N C:\bootsqm.dat

2016-03-04 09:49 - 2016-03-04 09:49 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2016-03-04 09:48 - 2016-03-04 09:48 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-05 11:08 - 2009-07-14 04:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-03-05 11:08 - 2009-07-14 04:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-03-05 11:03 - 2014-09-11 10:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-03-05 10:59 - 2014-09-11 09:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-03-05 10:59 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf

2016-03-05 10:58 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-03-04 11:12 - 2014-09-11 11:03 - 00000000 ____D C:\ProgramData\NVIDIA

2016-03-04 10:16 - 2014-09-11 09:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-03-04 09:51 - 2014-09-11 09:06 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2016-03-04 09:51 - 2014-09-11 09:06 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys

2016-03-04 09:50 - 2015-07-17 14:49 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2016-03-04 09:49 - 2014-09-11 18:09 - 00000000 ____D C:\Windows\CryptoGuard

2016-03-04 09:49 - 2014-09-11 09:06 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2016-03-04 09:49 - 2014-09-11 09:06 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2016-03-04 09:49 - 2014-09-11 09:06 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2016-03-04 09:49 - 2014-09-11 09:06 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2016-03-04 09:49 - 2014-09-11 09:06 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2016-03-04 09:48 - 2014-09-11 09:06 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2016-03-03 21:15 - 2014-09-12 09:09 - 00000000 ____D C:\Users\NED\AppData\Local\Adobe

2016-03-03 20:44 - 2009-07-14 05:13 - 00790522 _____ C:\Windows\system32\PerfStringBackup.INI

2016-02-24 09:22 - 2014-09-11 09:08 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-02-24 09:11 - 2014-09-11 09:07 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2016-02-24 09:11 - 2014-09-11 09:07 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

 

==================== Files in the root of some directories =======

 

2015-05-31 16:12 - 2015-05-31 16:12 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

2016-03-04 11:51 - 2016-03-04 11:51 - 0007627 _____ () C:\Users\NED\AppData\Local\Resmon.ResmonCfg

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-07-30 12:33

 

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016

Ran by NED (2016-03-05 11:10:14)

Running from C:\Users\NED\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2014-09-11 08:58:20)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1449621726-3636976640-3606060642-500 - Administrator - Disabled)

Guest (S-1-5-21-1449621726-3636976640-3606060642-501 - Limited - Disabled)

NED (S-1-5-21-1449621726-3636976640-3606060642-1000 - Administrator - Enabled) => C:\Users\NED

UpdatusUser (S-1-5-21-1449621726-3636976640-3606060642-1001 - Limited - Enabled) => C:\Users\UpdatusUser

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)

EPSON XP-750 Series Printer Uninstall (HKLM\...\EPSON XP-750 Series) (Version:  - SEIKO EPSON Corporation)

FoCal 2 (Test Release) (HKLM-x32\...\{70413947-4B2C-4159-8F96-BFF94F7081A5}) (Version: 2.2.1968 - Reikan Technology)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6217.0 - IDT)

iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)

Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)

Laptop Integrated Webcam Driver (1.03.01.1011)   (HKLM\...\Creative OEM004) (Version:  - )

LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

NVIDIA 3D Vision Controller Driver 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.33 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)

NVIDIA Graphics Driver 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)

RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - )

WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0B1EA41B-05E9-40DB-AE3E-28090AF5BD87} - System32\Tasks\AdobeAAMUpdater-1.0-NED-PC-NED => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)

Task: {0DDBD474-AFC7-40D9-BCF7-8F3037EB5AC2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1449621726-3636976640-3606060642-1000

Task: {17DF676C-5B14-407D-9164-63AF152DCD51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)

Task: {3842F1CA-3B2E-4502-9EE7-2687079C8D0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)

Task: {5EDB4F1C-E9D2-4CF1-AC2D-7A363518FE85} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)

Task: {7EDFAADE-746B-4040-AC75-FF92BB5997B9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-04] (AVAST Software)

Task: {89129EDD-9031-4F1A-8D86-B0A9EFB8A93C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)

Task: {BC544074-2425-4226-90A7-D5D88746BE4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)

Task: {C69DC774-A29C-498B-B67B-977E801DFDF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2016-03-04 09:48 - 2016-03-04 09:48 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2016-03-04 09:48 - 2016-03-04 09:48 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-03-04 09:42 - 2016-03-04 09:42 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030400\algo.dll

2016-03-04 09:48 - 2016-03-04 09:48 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2016-03-05 11:02 - 2016-03-05 11:02 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030500\algo.dll

2016-01-19 12:36 - 2016-01-19 12:36 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2016-02-24 09:21 - 2016-02-18 04:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll

2016-02-24 09:21 - 2016-02-18 04:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-1449621726-3636976640-3606060642-1000\...\dell.com -> dell.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1449621726-3636976640-3606060642-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NED\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AESTFilters => 2

MSCONFIG\Services: Apple Mobile Device Service => 2

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: hmpalertsvc => 2

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: nvsvc => 2

MSCONFIG\Services: nvUpdatusService => 2

MSCONFIG\Services: Secunia PSI Agent => 2

MSCONFIG\Services: Secunia Update Agent => 2

MSCONFIG\Services: STacSV => 2

MSCONFIG\Services: Stereo Service => 2

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

MSCONFIG\startupreg: OEM04Mon.exe => C:\Windows\OEM04Mon.exe

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{D730E627-5AC7-4134-A655-987C54C56D03}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

FirewallRules: [{FCFA8C02-2AB7-4182-BD92-95C1D6063D25}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

FirewallRules: [{9481F6DE-9915-499A-A165-5CD009F12172}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{4982AE89-4059-4B6C-96BC-942A739357A5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E7B714C8-7F50-41A0-BC1E-C375A9A6B6A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{9C7ACA00-1E8C-4D3F-BDBA-02FC2FFD7CF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{40AF6C3B-1E06-4106-86CC-B5707EE0CEFC}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{14E5A292-747A-4327-B0D3-91473B88C712}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

19-01-2016 13:11:47 Installed iTunes

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/04/2016 10:54:00 AM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {da224032-d3a6-4b59-b001-dbd0ac701746}

 

Error: (03/03/2016 08:09:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 24944

 

Error: (03/03/2016 08:09:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 24944

 

Error: (03/03/2016 08:09:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (03/03/2016 08:07:52 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: The index cannot be initialized.

 

Details:

The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

 

Error: (03/03/2016 08:07:52 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: The application cannot be initialized.

 

Context: Windows Application

 

Details:

The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

 

Error: (03/03/2016 08:07:52 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: The gatherer object cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

 

Error: (03/03/2016 08:07:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

Details:

Element not found.  (HRESULT : 0x80070490) (0x80070490)

 

Error: (03/03/2016 08:07:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: The plug-in in <Search.JetPropStore> cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

 

Error: (03/03/2016 08:07:50 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: The Windows Search Service cannot load the property store information.

 

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

 

 

System errors:

=============

Error: (03/05/2016 11:00:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/04/2016 11:46:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/04/2016 11:43:51 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

%%5

 

Error: (03/04/2016 11:18:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/04/2016 11:15:37 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

%%5

 

Error: (03/04/2016 11:13:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/04/2016 10:48:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/04/2016 09:55:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/04/2016 09:39:03 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 21:32:51 on ‎03/‎03/‎2016 was unexpected.

 

Error: (03/03/2016 08:39:43 PM) (Source: BTHUSB) (EventID: 17) (User: )

Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

 

 

CodeIntegrity:

===================================

  Date: 2016-03-05 11:05:50.981

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-05 10:58:47.987

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-04 11:59:05.234

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-04 11:44:59.597

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-04 11:39:58.140

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-04 11:16:34.062

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-04 11:12:18.318

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-04 10:58:24.854

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-04 10:47:34.147

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-04 10:46:20.171

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU T8100 @ 2.10GHz

Percentage of memory in use: 50%

Total physical RAM: 3070.04 MB

Available physical RAM: 1531.45 MB

Total Virtual: 6138.29 MB

Available Virtual: 4082.61 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:148.95 GB) (Free:97.46 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: FE3B1773)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

 

[kevinf80]

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

Next,

 

Please open Malwarebytes Anti-Malware.

• On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
• Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• When the scan is complete Apply Actions to any found entries.
• Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
• After the restart once you are back at your desktop, open MBAM once more.
  

To get the log from Malwarebytes do the following:

• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click Export > From export you have three options:
  
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  
• Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…
  

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

• Double click on Adwcleaner.exe to run the tool.
• Click on the Scan in the Actions box
• Please wait fot the scan to finish..
• When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
• Click on the Cleaning box.
• Next click OK on the "Closing Programs" pop up box.
• Click OK on the Information box & again OK to allow the necessary reboot
• After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...
  

 
Next,
 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

• The file will be randomly named
• Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
• Run Dr Web
• Tick the I agree box and select continue
• Click select objects for scanning
  
  
  
  
  
• Tick all boxes as shown
• Click the wrench and select automatically apply actions to threats
  
  
  
  
  
• Press start scan
• The scan will now commence
  
  
  
  
  
• Once the scan has finished click open report <<<--- Do not miss this step
  
  
  
  
  
• A notepad will open
• Select File > Save as..
• Save it to your desktop
  

This log will be excessive,  Please attach it to your next reply…
 

Post those logs, also let me know of any remaining issues or concerns...

 

Thank you,

 

Kevin....

[NigelD1]

Thanks for responding Kevin - MWB scan log below, remainder to follow :-

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 05/03/2016

Scan Time: 16:23

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2016.03.05.05

Rootkit Database: v2016.02.27.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: NED

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 386547

Time Elapsed: 25 min, 18 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[NigelD1]

Adwcleaner log :-

 

# AdwCleaner v5.037 - Logfile created 05/03/2016 at 16:58:16

# Updated 28/02/2016 by Xplode

# Database : 2016-03-02.1 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : NED - NED-PC

# Running from : C:\Users\NED\Desktop\AdwCleaner.exe

# Option : Clean

# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

 

***** [ Files ] *****

 

 

***** [ DLLs ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

[-] [C:\Users\NED\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : uk.ask.com

 

*************************

 

:: "Tracing" keys removed

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C1].txt - [884 bytes] - [05/03/2016 16:58:16]

C:\AdwCleaner\AdwCleaner[s1].txt - [933 bytes] - [05/03/2016 16:55:01]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1028 bytes] ##########

[NigelD1]

Cureit report attached. Loading main Chrome browser still painfully slow to load.

 

 

cureit.log

[kevinf80]

There is no evidence of malware or infection in the produced logs..... continue as follows...

 

Hitman Pro is creating Code Integrity events, can you uninstall Hitman Pro for now see if they clear.... Use the following tool for removal..

 

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Hitman Pro to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

 

Do the same with WinPatrol, as it does not appear to be in use...

 

Next,

 

Lets try a clean install of Chrome, see if there is any improvent. If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local  from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Link Ant-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en
 

Install any other extensions you prefer....

 

Re- boot when complete, is there any improvement with Chrome...

 

Thanks,

 

Kevin

[NigelD1]

Thanks Kevin, I managed to do all that and Chrome is a bit quicker thanks. I had difficulty with the "unsyncing" Google stuff because I don't think I'd ever synced it in the first place unless I've looked in the wrong place. I deleted all the browsing data and hid all the files again so I think I'm good to go. Do I need to clean stuff up now? 

[kevinf80]

Yes run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

• 
     
• Remove disinfection tools
  

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... 


 

[NigelD1]

Thanks Kevin - Google still slow after reinstallation but not as bad as before. Just to let you know - the resources on Task Manager look like I'm always around 45 - 75% CPU usage whereas on my normal PC its between 4 - 5%. I can't see what's using the power other than MWB, Avast and Chrome when it's open. Any way I can check to see without taking up much more of your time?

[kevinf80]

Maybe is worthwhile running your system in a Clean Boot mode, see if there is any improvement in that mode.... instructions at the following link:

 

https://support.microsoft.com/en-us/kb/929135

 

Scroll to the instructions for Windows 7. Ensure to not disable any security or network tools...

[kevinf80]

As per your PM it would seem there is still an issue, system may still be infected or exploited. Run the following:

 

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program
  

 

Let me see the log......

[NigelD1]

Sophos results :-

 

2016-03-07 16:42:04.505 Sophos Virus Removal Tool version 2.5.5

2016-03-07 16:42:04.505 Copyright © 2009-2014 Sophos Limited. All rights reserved.

 

2016-03-07 16:42:04.505 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

 

2016-03-07 16:42:04.505 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64

2016-03-07 16:42:04.505 Checking for updates...

2016-03-07 16:42:07.937 Update progress: proxy server not available

2016-03-07 16:42:19.621 Option all = no

2016-03-07 16:42:19.621 Option recurse = yes

2016-03-07 16:42:19.621 Option archive = no

2016-03-07 16:42:19.621 Option service = yes

2016-03-07 16:42:19.621 Option confirm = yes

2016-03-07 16:42:19.621 Option sxl = yes

2016-03-07 16:42:19.637 Option max-data-age = 35

2016-03-07 16:42:19.637 Option EnableSafeClean = yes

2016-03-07 16:42:21.992 Option vdl-logging = yes

2016-03-07 16:42:21.992 Customer ID: 094260ca9b3af99f9d4a3909fc47a743

2016-03-07 16:42:21.992 Machine ID: 4819ec3bc20848bcbae49c484b94ded4

2016-03-07 16:42:21.992 Component SVRTcli.exe version 2.5.5

2016-03-07 16:42:21.992 Component control.dll version 2.5.5

2016-03-07 16:42:21.992 Component SVRTservice.exe version 2.5.5

2016-03-07 16:42:21.992 Component engine\osdp.dll version 1.44.1.2240

2016-03-07 16:42:21.992 Component engine\veex.dll version 3.64.0.2240

2016-03-07 16:42:21.992 Component engine\savi.dll version 9.0.0.2240

2016-03-07 16:42:21.992 Component rkdisk.dll version 1.5.30.0

2016-03-07 16:42:21.992 Version info: Product version 2.5.5

2016-03-07 16:42:21.992 Version info: Detection engine 3.64.0

2016-03-07 16:42:21.992 Version info: Detection data 5.24

2016-03-07 16:42:21.992 Version info: Build date 09/02/2016

2016-03-07 16:42:21.992 Version info: Data files added 301

2016-03-07 16:42:21.992 Version info: Last successful update (not yet updated)

2016-03-07 16:42:31.652 Update error: failed to read remote metadata (error 4)

Cannot locate server for http://dci.sophosupd.com/update/b/5a/b5afcacaaa5a57415b13db9f7a0c28fc.xml

 

2016-03-07 17:07:30.784 Could not open C:\hiberfil.sys

2016-03-07 17:07:32.407 Could not open C:\pagefile.sys

2016-03-07 17:15:04.752 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-03-07 17:15:04.752 Could not open C:\System Volume Information\{5e34dda5-beab-11e5-bb8a-001e4cdd7c00}{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-03-07 17:15:04.752 Could not open C:\System Volume Information\{6c858c46-e1f6-11e5-b4cb-001e4cdd7c00}{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-03-07 17:15:04.752 Could not open C:\System Volume Information\{e648165a-e44b-11e5-a050-001e4cdd7c00}{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-03-07 17:15:04.752 Could not open C:\System Volume Information\{fa6c8437-e47e-11e5-8df9-001e4cdd7c00}{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-03-07 17:23:21.413 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

2016-03-07 17:23:21.413 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

2016-03-07 17:23:29.962 Could not open C:\Windows\System32\config\RegBack\DEFAULT

2016-03-07 17:23:29.978 Could not open C:\Windows\System32\config\RegBack\SAM

2016-03-07 17:23:29.978 Could not open C:\Windows\System32\config\RegBack\SECURITY

2016-03-07 17:23:29.978 Could not open C:\Windows\System32\config\RegBack\SOFTWARE

2016-03-07 17:23:29.978 Could not open C:\Windows\System32\config\RegBack\SYSTEM

2016-03-07 17:47:12.800 SafeClean bin directory is empty.

2016-03-07 17:47:13.612 Error level 0

[kevinf80]

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

• Quit all running programs.
• For Windows XP, double-click to start.
• For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
• Read and accept the EULA (End User Licene Agreement)
• Click Scan to scan the system.
• When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
• Close the program > Don't Fix anything!
  

 

Thanks,

 

Kevin..

[NigelD1]

There you go Kevin

 

RogueKiller V12.0.1.0 [Mar  7 2016] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/software/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : NED [Administrator]

Started from : C:\Users\NED\Desktop\RogueKiller.exe

Mode : Scan -- Date : 03/07/2016 22:20:22

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 0 ¤¤¤

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2160BH G1 ATA Device +++++

--- User ---

[MBR] f6b43f059a07ec292c0e2a11acc41a61

[bSP] 0694dfb1c04173027f3bd2f1b57fcbae : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

[kevinf80]

Another clean log, one final very thorough scan and I believe we can conclude there is no malware/infection on your system if this too comes back clean....

 

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

• Accept the Terms of Use and click Start.
• Allow the running of add-on.
  

If using Mozilla Firefox or Google Chrome:

• Download esetsmartinstaller_enu.exe that you'll be given link to.
• Double click esetsmartinstaller_enu.exe.
• Allow the Terms of Use and click Start.
  

To perform the scan:

• Make sure that Remove found threats is unchecked.
• Scan archives is checked.
• In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
• Under “Enable Stealth Technology select “Change” select any extra drives in that window.
• Click Start
• The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
• When completed, the program will begin to scan. This may take several hours. Please, be patient.
• Do not do anything on your machine as it may interrupt the scan.
• When the scan is done, click Finish.
• A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  

Please include this logfile in your next reply.

Don't forget to re-enable protection software!
 

Thanks....

 

Kevin

[NigelD1]

Here you go Kevin :-

 

 C:\Users\NED\Downloads\ccsetup515.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

[kevinf80]

Hello Nigel,

 

If that is all that ESET throws up I guess we have another clean log... I believe it is safe to decide any issues you have are not malware/infection related....

 

lets try a security change, see if that gives any improvement......

 

Go here: http://filehippo.com/download_panda_free_antivirus/  Download and save Panda free AV to your desktop or a folder of your choice, Panda is very light on resources so may make a difference...

 

Next,

 

Go here: https://www.avast.com/uninstall-utility Use the removal tool to remove Avast, re-boot when complete, install Panda...

 

Does that make any difference?

 

Thank you,

 

Kevin

[NigelD1]

Sure makes a difference Kevin. Last report was that Photoshop opened in 40 - 70 seconds. When I uninstalled Avast and installed Panda it came up in 10 seconds. I think job well done Kevin thanks very much. 

[kevinf80]

Thanks for the update Nigel, I guess we can call this one done....  Do not hesitate to comeback in the future if you need any further help.

 

It was a pleasure to work with you...

 

Regards,

 

Kevin...

[NigelD1]

Yes - I think we're done thanks Kevin.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!