tomj25 Posted July 25, 2016

Hi all, I'm looking for a bit of help with my laptop. It's a Dell N5010, Windows 7 i3 Home Premium 64-bit. Up until a few months ago it was great, but it has started to run so slow and the fan is running all the time on what seems like the highest speed possible. I have run scans but it never finds anything, so I'm hoping someone can give me help in fixing whatever is wrong.

Thanks, tom

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 25/07/2016
Scan Time: 12:19
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.25.01
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: tom

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318064
Time Elapsed: 31 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2016
Ran by tom (2016-07-25 12:55:21)
Running from C:\Users\tom\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-13 18:42:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2134292529-3043326613-3165962306-500 - Administrator - Disabled)
Guest (S-1-5-21-2134292529-3043326613-3165962306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2134292529-3043326613-3165962306-1004 - Limited -
Enabled) tom (S-1-5-21-2134292529-3043326613-3165962306-1000 - Administrator - Enabled) => C:\Users\tom ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{3d9e0476-943f-4962-99dc-b9c937a43840}) (Version: 1.1.65.9690 - Avira Operations GmbH & Co. 
KG) Avira Launcher (x32 Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell MusicStage (HKLM-x32\...\{F1D737AB-71A7-4D25-BB94-79DB090D6FF9}) (Version: 1.5.402.0 - Fingertapps) Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.1 - ArcSoft) Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.66 - ArcSoft) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.) Dell Stage (HKLM-x32\...\{FC45E4D6-FEA5-4091-B172-4351D130C2E1}) (Version: 1.7.209.0 - Fingertapps) Dell Stage Remote (HKLM-x32\...\{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}) (Version: 2.0.0.50 - ArcSoft) Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.50 - ArcSoft) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell) Dell System Detect (HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell) Dell System Detect (HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell) Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.2.0.1719 - CyberLink Corp.) 
Hidden Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.) Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation) Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation) iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.) 
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony) Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony) Media Go Video Playback Engine 2.20.107.05220 (HKLM-x32\...\{7348D0F2-3DAC-0BE7-4E7C-64844D2E3CA9}) (Version: 2.20.107.05220 - Sony) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) 
(Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6043 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 P****r (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 P****r (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 P****r (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - 
Apache Software Foundation) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories) Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{C075A9B4-E717-44C9-B02C-9A5AD2101BFB}) (Version: 6.5 - Silicon Laboratories, Inc.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated) TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom) Unity Web Player (HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) 
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation) Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation) Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI) Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI) Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI) Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2134292529-3043326613-3165962306-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\tom\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2134292529-3043326613-3165962306-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\tom\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0CB485BE-5741-4F3D-B5AD-9DA95113A4D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {1C6B80E7-FFF4-4134-95C5-2A2109206BDB} - System32\Tasks\{82E728B3-2AB5-4AAD-B0AC-BFB56DCE8259} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {23F6F42D-8510-43FD-B011-1D71AA1BA0F4} - System32\Tasks\{483136C7-0B2A-40C2-9E80-BB8D1E21F464} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29] (Broadcom Corporation.) Task: {2EDB67EB-F188-444A-BAE8-E2A8D95E29C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {4CBC8E58-075E-4D56-9576-D565500E4B1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {56F63896-0ACD-416D-930A-75DEDF654AD3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd) Task: {671FE88A-3FB6-4A62-B0FD-E23A9BFF6900} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {705A1533-D9C2-4C52-BCE5-D00D0910A558} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.) Task: {78E40194-2C45-45F4-A309-BDA80CD546DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2134292529-3043326613-3165962306-1000Core => C:\Users\tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) 
Task: {81C3693F-2587-4815-A697-F8107C366088} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2134292529-3043326613-3165962306-1000 Task: {908501F3-7AE1-4BD7-989F-12205723EB60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2134292529-3043326613-3165962306-1000UA => C:\Users\tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {99B4E9F1-4745-4EB6-B259-67B9CE53CF0F} - System32\Tasks\{CE452736-F199-473C-95EB-AC5FC148D878} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29] (Broadcom Corporation.) Task: {A87EB778-2210-4C0D-A34D-BCD411B1B25F} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - tom) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe Task: {B3119ED5-8F43-4B4E-80B5-66546DD42D90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-16] (Adobe Systems Incorporated) Task: {D75374AA-EFEB-4104-9114-9A3582DAA52C} - System32\Tasks\{A85CB27A-652A-4E2B-9C3C-F6A55BF156E5} => pcalua.exe -a C:\Users\tom\Desktop\tazusb.exe -d C:\Users\tom\Desktop (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2134292529-3043326613-3165962306-1000Core.job => C:\Users\tom\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2134292529-3043326613-3165962306-1000UA.job => C:\Users\tom\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - tom).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-03-05 15:21 - 2010-03-05 15:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-05 15:21 - 2010-03-05 15:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-18 03:42 - 2014-10-18 03:42 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll 2011-04-05 05:04 - 2010-06-08 16:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2016-07-13 09:24 - 2016-07-16 12:44 - 19483328 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll ==================== 
Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dell.com -> dell.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\tom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: btwdins => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: Motorola Device Manager => 2 MSCONFIG\Services: PST Service => 2 MSCONFIG\Services: Skype C2C Service => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupreg: "C: => MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\tom\AppData\Local\Smartbar\Application\SnapDo.exe startup MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: Google Update => "C:\Users\tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" 
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{05AE64F2-6A2D-4C5C-A4A8-8AE9FD7EFD26}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{72E8EBF2-A34E-42EC-A0BC-CD7635C4F37E}] => (Allow) LPort=2869 FirewallRules: [{451DAC05-AD0D-472A-86A6-E1CC5206C0A8}] => (Allow) LPort=1900 FirewallRules: [{84912534-AE37-426C-AAB2-9F08BECD3D99}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{3C102034-E254-4A94-ABF3-898786A1D24C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{E7D8199A-1551-43CD-AA10-794791902E75}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe FirewallRules: [{F28D5B0C-8A06-48CC-9969-21C80B30CAC5}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe FirewallRules: [{621AC1DA-2898-4FD8-92CA-1D789B32E414}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe FirewallRules: [{703FFDAF-D681-4BB3-9E90-DE5F5D58B469}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe FirewallRules: [{76F8072E-FD5A-41D7-8272-CE2857934A8F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe FirewallRules: [{20FD5C2B-7969-4903-9FB6-2A96967451D3}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe FirewallRules: [{F50A4FE6-2654-4C39-8874-6CBAB729343A}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe 
FirewallRules: [{B5128131-AE95-4110-B9D1-E23EBD2EC4FD}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe FirewallRules: [{8A1E8301-A23B-4A54-B4F4-1B5E63E0A1EE}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe FirewallRules: [{00331F2F-7707-4646-820C-881A0645CD4C}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe FirewallRules: [{039CD0F8-BEDB-42B5-A077-56AC461A21F0}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe FirewallRules: [TCP Query User{70F565E6-18B5-4943-BCC0-170ABF8339FD}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [uDP Query User{C6211A41-55EF-4045-8AE8-233ED224FD3A}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{56651B52-E0E1-4590-95B9-4FE67BB94E14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{740F4469-5E7B-40AF-8C6A-3FA5969F6B27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{5B816F27-A75B-4C7F-B8FF-0FA3C3AA45BF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{B8B19FE9-5B61-441E-88D7-2D0C141AC097}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{B891C989-0CD1-4321-A2B4-0DD14C8233C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5DF98BE5-8199-45BB-8763-B75A65835A9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{62CE9313-0FB2-4767-A99C-DF968AD0D778}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DBD84127-A398-4E05-B175-0654CEF019EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: 
[{657F80A3-07DD-40D1-916F-F5DEE0854170}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2007F8A5-241A-4B46-990D-3D0B7AEABF20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B6298AF6-FC78-4845-983A-BCCD72FFB496}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B6DDD8F8-C593-427D-9AF6-A3F2A0180F1F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9FF1CFC9-593B-42C6-9E16-BDA2E8CBFFEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B69A3D43-0144-4999-9561-5708F13AE533}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{02C3863E-EF75-4CC2-9FE0-B9A89147431C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{95A01505-2811-4187-B257-BF6EEBB72F94}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{0812E9CE-DA66-40BD-AAC7-AA432B6ECF94}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{9A1137EF-D6EF-4285-BED1-F880DD4711BF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{7C1180EF-3259-4B4D-BC2A-E44D1B9F6962}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 01-07-2016 19:07:27 Windows Update 06-07-2016 08:54:05 Windows Update 10-07-2016 08:23:21 Windows Update 14-07-2016 08:19:46 Windows Update 18-07-2016 09:23:11 Windows Update 25-07-2016 09:08:27 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/25/2016 10:44:06 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1292016 Error: (07/25/2016 10:44:06 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1292016 Error: (07/25/2016 10:44:06 AM) (Source: Bonjour 
Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2016 10:22:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6365

Error: (07/25/2016 10:22:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6365

Error: (07/25/2016 10:22:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2016 10:22:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148

Error: (07/25/2016 10:22:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5148

Error: (07/25/2016 10:22:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2016 10:22:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4119

System errors:
=============
Error: (07/25/2016 12:57:35 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2016 12:55:03 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2016 12:47:57 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2016 12:45:07 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2016 12:40:58 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2016 12:39:10 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2016 12:35:13 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2016 12:33:49 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2016 12:23:36 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2016 12:22:33 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

CodeIntegrity:
===================================
Date: 2015-06-21 12:59:47.314
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-21 12:59:47.254
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 48%
Total physical RAM: 5942.68 MB
Available physical RAM: 3084.61 MB
Total Virtual: 11883.57 MB
Available Virtual: 8051.37 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:162.74 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: AA0FE720)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-07-2016
Ran by tom (administrator) on TOM-PC (25-07-2016 12:53:58)
Running from C:\Users\tom\Downloads
Loaded Profiles: tom & (Available Profiles: tom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [831064 2016-07-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\MountPoints2: {025db067-cccf-11e4-85f5-90004ee68264} - E:\Startme.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\MountPoints2: {552f8fc4-7050-11e1-9192-90004ee68264} - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\MountPoints2: {b1217a04-8e42-11e1-890f-90004ee68264} - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {025db067-cccf-11e4-85f5-90004ee68264} - E:\Startme.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {552f8fc4-7050-11e1-9192-90004ee68264} - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b1217a04-8e42-11e1-890f-90004ee68264} - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1708D2F1-AD0E-4BDE-9091-51BC6CF47129}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D2D53E3B-C461-4EBC-B1B8-3526FA91A15A}: [NameServer] 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.co.uk/
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.co.uk/
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-07] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-07] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ol2l4o2.default-1467098080661
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-16] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-15] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\tom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000: @talk.google.com/O1DPlugin -> C:\Users\tom\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000: @tools.google.com/Google Update;version=3 -> C:\Users\tom\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000: @tools.google.com/Google Update;version=9 -> C:\Users\tom\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\tom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-16] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\tom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\tom\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\tom\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\tom\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\tom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-16] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC) FF Plugin ProgramFiles/Appdata: C:\Users\tom\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\tom\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Extension: Classic Theme Restorer - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ol2l4o2.default-1467098080661\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-07-08] FF Extension: Open In Chrome - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ol2l4o2.default-1467098080661\extensions\openinchrome@griffeltavla.wordpress.com.xpi [2016-07-11] FF Extension: Clear Console - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ol2l4o2.default-1467098080661\extensions\clearConsole@penzil.com.xpi [2016-07-11] FF Extension: British English Dictionary - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ol2l4o2.default-1467098080661\Extensions\en-GB@dictionaries.addons.mozilla.org [2016-07-08] [not signed] FF Extension: WhatsApp™ Desktop - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ol2l4o2.default-1467098080661\Extensions\jid1-uqwEAwSca3FXUo@jetpack.xpi [2016-07-08] FF Extension: Adblock Plus - 
C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ol2l4o2.default-1467098080661\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-28] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-07-19] [not signed] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-07-19] [not signed] Chrome: ======= CHR Profile: C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-09] CHR Extension: (Google Docs) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-09] CHR Extension: (Google Drive) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09] CHR Extension: (YouTube) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09] CHR Extension: (Google Sheets) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-09] CHR Extension: (Windows Classic Theme) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhjofahcbdnggbogjamfaafkgnolfnpc [2016-07-09] CHR Extension: (Avira Browser Safety) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-09] CHR Extension: (Google Docs Offline) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-09] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-07-09] CHR Extension: (Chrome Web Store Payments) - 
C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-09] CHR Extension: (Gmail) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09] CHR HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\tom\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-12-27] CHR HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\tom\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-12-27] CHR HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [989696 2016-07-25] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [472112 2016-07-25] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [472112 2016-07-25] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1453696 2016-07-25] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG) S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-18] (Avira Operations GmbH & Co. 
KG) S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation) S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) S3 ALSysIO; \??\C:\Users\tom\AppData\Local\Temp\ALSysIO64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-25 12:53 - 2016-07-25 12:54 - 00021791 _____ C:\Users\tom\Downloads\FRST.txt 2016-07-25 11:53 - 2016-07-25 11:53 - 03712064 _____ C:\Users\tom\Downloads\AdwCleaner.exe 2016-07-25 11:52 - 2016-07-25 12:53 - 00000000 ____D C:\FRST 2016-07-25 11:51 - 2016-07-25 11:51 - 02394112 _____ (Farbar) C:\Users\tom\Downloads\FRST64.exe 2016-07-19 21:34 - 2016-07-23 08:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-07-18 19:41 - 2016-07-18 19:41 - 00262144 _____ C:\Windows\Minidump\071816-23758-01.dmp 2016-07-16 16:40 - 2016-07-16 16:40 - 00000976 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk 2016-07-16 16:40 - 2016-07-16 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2016-07-16 16:39 - 2016-07-16 16:40 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect 2016-07-16 16:39 - 2016-07-16 16:39 - 30341736 _____ (TomTom International B.V.) C:\Users\tom\Downloads\InstallMyDriveConnect(1).exe 2016-07-09 08:02 - 2016-07-18 19:42 - 00002221 _____ C:\Users\tom\Desktop\Google Chrome.lnk 2016-07-09 08:00 - 2016-07-09 08:00 - 00987728 _____ (Google Inc.) 
C:\Users\tom\Downloads\ChromeSetup.exe 2016-06-28 08:14 - 2016-06-28 08:14 - 00000000 ____D C:\Users\tom\Desktop\Old Firefox Data ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-25 12:33 - 2011-09-13 16:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-25 12:21 - 2009-07-14 05:45 - 00022704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-25 12:21 - 2009-07-14 05:45 - 00022704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-25 12:19 - 2016-04-12 10:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-07-25 12:18 - 2015-10-15 13:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-07-25 12:18 - 2015-09-27 19:04 - 00000000 ____D C:\AdwCleaner 2016-07-25 10:44 - 2014-11-06 11:26 - 00000362 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - tom).job 2016-07-25 09:57 - 2012-04-11 12:36 - 00000000 ___RD C:\Users\tom\Desktop\sales 2016-07-25 08:24 - 2012-10-19 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-07-25 08:22 - 2013-03-30 11:58 - 00171752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2016-07-25 08:22 - 2013-03-30 11:58 - 00145984 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2016-07-25 00:01 - 2011-09-13 16:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-23 08:21 - 2012-05-29 16:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-07-18 19:47 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-18 19:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-07-18 19:42 - 2013-06-25 08:58 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2016-07-18 19:41 - 2011-11-25 23:01 - 00000000 ____D C:\Windows\Minidump 2016-07-18 19:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-07-18 19:40 - 2016-06-23 06:59 - 534751017 _____ C:\Windows\MEMORY.DMP 2016-07-16 12:44 - 2015-10-15 13:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-07-16 12:44 - 2014-08-21 15:54 - 00000000 ____D C:\Users\tom\AppData\Local\Adobe 2016-07-16 12:44 - 2012-04-24 20:41 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-07-16 12:44 - 2011-08-21 10:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-07-13 09:24 - 2012-04-24 20:41 - 00000000 ____D C:\Windows\system32\Macromed 2016-07-13 09:24 - 2011-04-05 05:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-07-09 08:01 - 2011-09-13 16:24 - 00002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-07-08 20:18 - 2014-08-12 06:42 - 00000000 ____D C:\ProgramData\Package Cache 2016-06-28 08:13 - 2013-10-18 13:21 - 09564672 ___SH C:\Users\tom\Desktop\Thumbs.db 2016-06-28 06:39 - 2013-06-10 17:15 - 00000000 ___RD C:\Users\tom\Desktop\tom Briefcase ==================== Files in the root of some directories ======= 2013-05-18 09:32 - 2013-05-18 09:32 - 0019881 _____ () C:\Users\tom\AppData\Roaming\UserTile.png 2013-08-10 15:31 - 2013-08-10 15:31 - 0000037 ___SH () C:\Users\tom\AppData\Local\70149b02515b3bb20dd492.47983420 2011-09-13 
16:29 - 2012-01-23 13:56 - 0006144 _____ () C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-02-03 16:32 - 2016-04-15 13:00 - 0007651 _____ () C:\Users\tom\AppData\Local\resmon.resmoncfg 2015-02-13 03:47 - 2015-02-13 03:47 - 0000000 _____ () C:\Users\tom\AppData\Local\{316096C7-958D-4518-9F5F-D0FAC7A30825} 2012-02-05 22:56 - 2011-12-07 22:56 - 0000032 ____R () C:\ProgramData\hash.dat Files to move or delete: ==================== C:\ProgramData\hash.dat Some files in TEMP: ==================== C:\Users\tom\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-17 13:31 ==================== End of FRST.txt ============================ # AdwCleaner v5.009 - Logfile created 27/09/2015 at 19:04:11 # Updated 27/09/2015 by Xplode # Database : 2015-09-27.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : tom - TOM-PC # Running from : 
C:\Users\tom\Desktop\AdwCleaner.exe # Option : Scan # Support : hxxp://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** Folder Found : C:\Program Files\slimcleaner plus Folder Found : C:\ProgramData\slimware utilities inc Folder Found : C:\Users\tom\AppData\Local\slimware utilities inc Folder Found : C:\Users\tom\AppData\Roaming\iWin ***** [ Files ] ***** File Found : C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\user.js File Found : C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\searchplugins\avira-safesearch.xml ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** Task Found : Adobe Flash Player Updater ***** [ Registry ] ***** Key Found : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6} Key Found : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E} Key Found : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24} Key Found : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\SlimWare Utilities Inc Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion Key Found : HKLM\SOFTWARE\W3I Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc Key Found : [x64] HKCU\Software\SlimWare Utilities Inc Key Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\Software\AppDataLow\Software\Yahoo\Companion Key Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Yahoo\Companion Key Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\AppDataLow\Software\Yahoo\Companion Key Found : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 Data Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\Software\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : 
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main [search Page] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main [search Bar] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Search [searchAssistant] - 
hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=TJ&userid=28d3f661-719c-4248-ba58-e46feccb0937&searchtype=ds&q={searchTerms} Key Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Data Found : HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {006ee092-9658-4fd6-bd8e-a21a348e59f5} ***** [ Web browsers ] ***** [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),Avira SafeSearch"); [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"social-share-button\",\"privatebrowsing-button\",\"loop-b[...] 
[C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14a5da089202c3-071b52c1f4ba888-46544136-0-14a5da08921253\""); [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("extensions.safesearch.SAUTH_expires_at", "1423999540"); [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"988e52eab6f7eb472e2e404a249c6345f2249cd6\""); [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("extensions.safesearch.SAUTH_userid", "5724037380"); [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("extensions.safesearch.SAUTH_utoken", "\"75291d5f87347f34ad290e2323fa0a7fcad477b6\""); [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("extensions.safesearch.install", "1418910009641"); [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("extensions.safesearch.search_offer_disabled", "true"); [C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : uk.ask.com ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [8966 bytes] ########## # AdwCleaner v5.201 - Logfile created 25/07/2016 at 11:54:05 # Updated 30/06/2016 by ToolsLib # Database : 2016-07-24.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (X64) # Username : tom - TOM-PC # Running from : C:\Users\tom\Downloads\AdwCleaner.exe # Option : Scan # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** Folder Found : C:\Users\Public\Documents\Downloaded Installers ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** 
***** [ Scheduled tasks ] ***** Task Found : SlimCleaner Plus (Scheduled Scan - tom) Task Found : SlimCleaner Plus (Scheduled Scan - tom) ***** [ Registry ] ***** Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Browser Infrastructure Helper ***** [ Web browsers ] ***** [C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : uk.ask.com ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [7370 bytes] - [27/09/2015 19:06:31] C:\AdwCleaner\AdwCleaner[C2].txt - [1270 bytes] - [01/12/2015 19:14:28] C:\AdwCleaner\AdwCleaner[C3].txt - [1477 bytes] - [09/12/2015 19:10:43] C:\AdwCleaner\AdwCleaner[s1].txt - [10295 bytes] - [27/09/2015 19:04:11] C:\AdwCleaner\AdwCleaner[s2].txt - [1160 bytes] - [01/12/2015 19:04:44] C:\AdwCleaner\AdwCleaner[s3].txt - [1160 bytes] - [01/12/2015 19:12:39] C:\AdwCleaner\AdwCleaner[s4].txt - [1349 bytes] - [09/12/2015 18:23:50] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [10588 bytes] ########## Quote
Starbuck (ExTS Admin), Posted July 25, 2016

Hi Tom and welcome to FPCH.

A few observations here:

> up until a few months ago it was great but has started to run so slow and the fan is running all the time on what seems like the highest speed possible

This is probably due to a build-up of dust around the fans. A desktop system is easy to clean out, but a laptop is a little more awkward. Take a look here for some instructions: How to Clean the Dust Out of Your Laptop

MsConfig Overuse

Many people frequently use MSconfig as a long-term solution to control startup processes and services. You will also see many websites condoning use of MSconfig and teaching you how to use it for controlling startups. This is a very bad idea for many reasons.

- MSconfig was designed to be used only as a temporary debugging/troubleshooting tool. It was not meant to be used for long-term solutions.
- MSconfig does not show all startups anyway.
- If you uninstall programs while they are being disabled with MSconfig, they will not be uninstalled properly and you will have to resort to manual registry editing to properly get everything removed.
- MSconfig will leave orphan entries if/when installed software is uninstalled while under the control of MSconfig. When/if MSconfig is turned back to normal startup, it will give errors on boot due to those orphan entries.
- When you uncheck a service in msconfig, you completely disable it. If you uncheck the wrong one, you may not be able to restart your computer.
- You can lock malware items into your registry that you may not see anymore until some point in time where you switch back to Normal Startup mode, and now you can cause total reinfection of your PC with the malware.

Step 1

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Avira should have disabled Win Defender when it installed. Having Win Defender running may well conflict with Avira. Please disable Win Defender:

- Click Start >> Control Panel >> Windows Defender or launch from the system tray icon.
- Click on Tools & Settings >> Options.
- Under Real-time protection options, uncheck the "Real-time protection" check box.
- Click Save.

Step 2

The last AdwCleaner report shows that only a Scan was run. There are a couple of things that it needs to clean:

- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator.
- Click on the Scan button. AdwCleaner will begin to scan your computer.
- After the scan has finished, click on the Cleaning button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[C*].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 3

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\tom\Downloads.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

Step 4

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

Please follow these steps to remove older version Java components and update:

- Download the latest version of Java Runtime Environment (JRE) 8 Update 92 and save it to your desktop.
- Scroll down to where it says "Java SE 8 Update 92".
- Click the "Download JRE" button.
- Accept the license agreement.
- Select 'Windows x64.exe' from the list.
- Save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the downloaded icon to install the newest version.

In your next reply, please submit:

- New AdwCleaner report
- Fixlog.txt (from FRST)

and let me know if you managed to clean any dust out of the laptop.

Thanks.

fixlist.txt

Member of: UNITE
tomj25 (Author), Posted July 26, 2016

Hi Starbuck, thanks for the welcome. I'm just going through the list of things to do. I've got to the Java update, but when I click the link I can't find the SE 8 Update 92.

Tom
Starbuck (ExTS Admin), Posted July 26, 2016

Hi Tom,

I'm at work at the moment so am having to reply from my phone. Carry on with the other steps for now and we'll come back to the Java update later.
Starbuck (ExTS Admin), Posted July 26, 2016 (edited)

Hi Tom,

> I can't find the SE 8 Update 92

Seems that Java has been updated again since I last checked. These instructions should make things a bit clearer...

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

Please follow these steps to remove older version Java components and update:

- Download the latest version of Java Runtime Environment (JRE) 8 Update 101 / 102 and save it to your desktop.
- Scroll down to where it says "Java SE 8 Update 101 / 102".
- Click the "Download JRE" button.
  http://img.photobucket.com/albums/v708/starbuck50/jav1_zps39iiqs4d.png
- Accept the license agreement.
  http://img.photobucket.com/albums/v708/starbuck50/jav3_zpsijnpka5i.png
- Select 'Windows x64 offline' from the list.
- Save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the downloaded icon to install the newest version.

Edited July 26, 2016 by Starbuck
tomj25 (Author), Posted July 26, 2016

Hi Starbuck, I've done the Java update, also disabled Win Defender. The two logs I hope are the right ones.

Tom

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
Ran by tom (2016-07-26 07:01:28) Run:1
Running from C:\Users\tom\Downloads
Loaded Profiles: tom (Available Profiles: tom)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\MountPoints2: {025db067-cccf-11e4-85f5-90004ee68264} - E:\Startme.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\MountPoints2: {552f8fc4-7050-11e1-9192-90004ee68264} - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\...\MountPoints2: {b1217a04-8e42-11e1-890f-90004ee68264} - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {025db067-cccf-11e4-85f5-90004ee68264} - E:\Startme.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {552f8fc4-7050-11e1-9192-90004ee68264} - E:\Setup.exe
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b1217a04-8e42-11e1-890f-90004ee68264} - E:\Setup.exe
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
S3 ALSysIO; \??\C:\Users\tom\AppData\Local\Temp\ALSysIO64.sys [X]
2016-07-25 10:44 - 2014-11-06 11:26 - 00000362 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - tom).job
C:\ProgramData\hash.dat
C:\Users\tom\AppData\Local\Temp\avgnt.exe
CMD: ipconfig
/flushdns EmptyTemp: Hosts: ***************** "HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully "HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{025db067-cccf-11e4-85f5-90004ee68264}" => key removed successfully HKCR\CLSID\{025db067-cccf-11e4-85f5-90004ee68264} => key not found. "HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{552f8fc4-7050-11e1-9192-90004ee68264}" => key removed successfully HKCR\CLSID\{552f8fc4-7050-11e1-9192-90004ee68264} => key not found. "HKU\S-1-5-21-2134292529-3043326613-3165962306-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1217a04-8e42-11e1-890f-90004ee68264}" => key removed successfully HKCR\CLSID\{b1217a04-8e42-11e1-890f-90004ee68264} => key not found. HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. 
HKU\S-1-5-21-2134292529-3043326613-3165962306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihenkjeihefokohmemphikjnjbmegdik" => key removed successfully ALSysIO => service removed successfully "C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - tom).job" => not found. C:\ProgramData\hash.dat => moved successfully C:\Users\tom\AppData\Local\Temp\avgnt.exe => moved successfully ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End ofCMD: ========= "C:\Windows\System32\Drivers\etc\hosts" => Could not move. Could not restore Hosts. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15425901 B Java, Flash, Steam htmlcache => 96473 B Windows/system/drivers => 4007744 B Edge => 0 B Chrome => 60883049 B Firefox => 404900471 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 42355996 B systemprofile32 => 6172000 B LocalService => 132244 B NetworkService => 115584 B tom => 18961317 B RecycleBin => 562059000 B EmptyTemp: => 1 GB temporary data Removed. ================================ The system needed a reboot. 
==== End of Fixlog 07:02:05 ==== # AdwCleaner v5.023 - Logfile created 01/12/2015 at 18:04:44 # Updated 30/11/2015 by Xplode # Database : 2015-11-30.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : tom - TOM-PC # Running from : C:\Users\tom\Desktop\adwcleaner_5.023.exe # Option : Scan # Support : hxxp://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{444785F1-DE89-4295-863A-D46C3A781394} ***** [ Web browsers ] ***** [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Found : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...] 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1081 bytes] ########## # AdwCleaner v5.201 - Logfile created 26/07/2016 at 06:46:02 # Updated 30/06/2016 by ToolsLib # Database : 2016-07-25.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (X64) # Username : tom - TOM-PC # Running from : C:\Users\tom\Downloads\AdwCleaner.exe # Option : Scan # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** Folder Found : C:\Users\Public\Documents\Downloaded Installers ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** Task Found : SlimCleaner Plus (Scheduled Scan - tom) Task Found : SlimCleaner Plus (Scheduled Scan - tom) ***** [ Registry ] ***** Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Browser Infrastructure Helper ***** [ Web browsers ] ***** [C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : uk.ask.com ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [7370 bytes] - [27/09/2015 19:06:31] C:\AdwCleaner\AdwCleaner[C2].txt - [1270 bytes] - [01/12/2015 19:14:28] C:\AdwCleaner\AdwCleaner[C3].txt - [1477 bytes] - [09/12/2015 19:10:43] C:\AdwCleaner\AdwCleaner[s1] new scan.txt - [10672 bytes] - [25/07/2016 12:18:02] C:\AdwCleaner\AdwCleaner[s1].txt - [10672 bytes] - [27/09/2015 19:04:11] C:\AdwCleaner\AdwCleaner[s2].txt - [2555 bytes] - [01/12/2015 19:04:44] C:\AdwCleaner\AdwCleaner[s3].txt - [1160 bytes] - [01/12/2015 19:12:39] C:\AdwCleaner\AdwCleaner[s4].txt - [1349 bytes] - [09/12/2015 18:23:50] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2774 bytes] ########## Quote
Starbuck (ExTS Admin), Posted July 26, 2016

Hi Tom,

> ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1081 bytes] ##########
> # AdwCleaner v5.201 - Logfile created 26/07/2016 at 06:46:02
> # Updated 30/06/2016 by ToolsLib
> # Database : 2016-07-25.1 [server]
> # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
> # Username : tom - TOM-PC
> # Running from : C:\Users\tom\Downloads\AdwCleaner.exe
> # Option : Scan
> # Support : https://toolslib.net/forum

As you can see, the report shows that only a scan was completed... you must select the Clean option after the initial scan has completed.

http://img.photobucket.com/albums/v708/starbuck50/adw_zpsydkjo5p2.png

We need to remove those items showing.

Have you managed to clean out any dust from the laptop? How is the laptop running now, any better?
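The check Starbuck describes above (reading the `# Option` header to tell a scan report from a cleaning report) can be scripted, together with a date check that catches an older report from C:\AdwCleaner being posted by mistake. This is an added example, not part of the original thread or of AdwCleaner itself: the function names are hypothetical, it assumes one entry per line and dd/mm/yyyy dates as the quoted logs suggest, and the sample logs are constructed from lines quoted in this thread.

```python
import re
from datetime import date, datetime

CREATED_RE = re.compile(
    r"^#\s*AdwCleaner\s+v(?P<version>\S+)\s+-\s+Logfile created\s+"
    r"(?P<stamp>\d{2}/\d{2}/\d{4}\s+at\s+\d{2}:\d{2}:\d{2})")
HEADER_RE = re.compile(r"^#\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.+)$")
SECTION_RE = re.compile(r"^\*{5}\s*\[\s*(?P<name>.+?)\s*\]\s*\*{5}$")
FOUND_RE = re.compile(r"\bFound\s*:")
DELETED_RE = re.compile(r"\bDeleted\s*:")


def parse_adwcleaner_log(text):
    """Return version, creation time, run option and per-section entries."""
    log = {"version": None, "created": None, "option": None,
           "found": [], "deleted": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        created = CREATED_RE.match(line)
        if created:
            log["version"] = created.group("version")
            log["created"] = datetime.strptime(
                created.group("stamp"), "%d/%m/%Y at %H:%M:%S")
            continue
        if line.startswith("#"):
            header = HEADER_RE.match(line)
            if header and header.group("key").lower() == "option":
                log["option"] = header.group("value").strip()
            continue
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group("name")
            continue
        if set(line) == {"*"}:
            section = None  # separator: what follows lists earlier log files
            continue
        if section is None:
            continue
        if DELETED_RE.search(line):
            log["deleted"].append((section, line))
        elif FOUND_RE.search(line):
            log["found"].append((section, line))
    return log


def triage(log, expected_day):
    """List the reasons a posted report is not the cleaning report asked for."""
    problems = []
    if log["created"] is None:
        problems.append("no 'Logfile created' header")
    elif log["created"].date() != expected_day:
        problems.append("stale report: created %s, expected %s"
                        % (log["created"].date(), expected_day))
    option = (log["option"] or "").lower()
    if option.startswith("scan"):
        problems.append("scan only: %d item(s) found but not removed"
                        % len(log["found"]))
    elif not option.startswith("clean"):
        problems.append("unrecognised option: %r" % log["option"])
    return problems


# Constructed samples: lines taken from the logs quoted in this thread.
SCAN_LOG = r"""
# AdwCleaner v5.201 - Logfile created 26/07/2016 at 06:46:02
# Option : Scan
***** [ Folders ] *****
Folder Found : C:\Users\Public\Documents\Downloaded Installers
***** [ Scheduled tasks ] *****
Task Found : SlimCleaner Plus (Scheduled Scan - tom)
Task Found : SlimCleaner Plus (Scheduled Scan - tom)
***** [ Registry ] *****
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Browser Infrastructure Helper
***** [ Web browsers ] *****
[C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : uk.ask.com
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [7370 bytes] - [27/09/2015 19:06:31]
"""

OLD_CLEAN_LOG = r"""
# AdwCleaner v5.023 - Logfile created 01/12/2015 at 18:14:28
# Option : Cleaning
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{444785F1-DE89-4295-863A-D46C3A781394}
"""

if __name__ == "__main__":
    for name, text in (("26/07 scan", SCAN_LOG), ("2015 clean", OLD_CLEAN_LOG)):
        print(name, triage(parse_adwcleaner_log(text), date(2016, 7, 26)))
```

An empty list from `triage` means the report is a cleaning run from the expected day; anything else says why the report needs to be redone or replaced.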
tomj25 (Author), Posted July 26, 2016

Hi, sorry about that. There was a little dust, which has all been cleaned out. It's running about the same, and the fan is still spinning like crazy. When I first start it up it's fine, but after a few mins it just starts spinning fast and never stops till I shut it down, at which point it is really hot, so I'm only using it for an hour or so, then shutting it down to let it cool down. Hope that makes sense.

# AdwCleaner v5.023 - Logfile created 01/12/2015 at 18:14:28
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : tom - TOM-PC
# Running from : C:\Users\tom\Desktop\adwcleaner_5.023.exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{444785F1-DE89-4295-863A-D46C3A781394}
***** [ Web browsers ] *****
[-] [C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\a54x4uxg.default\prefs.js] [Preference] Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
************************* :: "Tracing" keys removed :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1191 bytes] ########## # AdwCleaner v5.201 - Logfile created 26/07/2016 at 19:18:00 # Updated 30/06/2016 by ToolsLib # Database : 2016-07-26.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (X64) # Username : tom - TOM-PC # Running from : C:\Users\tom\Downloads\AdwCleaner.exe # Option : Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [9186 bytes] - [27/09/2015 19:06:31] C:\AdwCleaner\AdwCleaner[C2].txt - [2069 bytes] - [01/12/2015 19:14:28] C:\AdwCleaner\AdwCleaner[C3].txt - [1477 bytes] - [09/12/2015 19:10:43] C:\AdwCleaner\AdwCleaner[s1] new scan.txt - [10672 bytes] - [25/07/2016 12:18:02] C:\AdwCleaner\AdwCleaner[s1].txt - [10672 bytes] - [27/09/2015 19:04:11] C:\AdwCleaner\AdwCleaner[s2].txt - [2857 bytes] - [01/12/2015 19:04:44] C:\AdwCleaner\AdwCleaner[s3].txt - [2471 bytes] - [01/12/2015 19:12:39] C:\AdwCleaner\AdwCleaner[s4].txt - [1349 bytes] - [09/12/2015 18:23:50] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2591 bytes] ########## Quote
Starbuck (ExTS Admin), Posted July 26, 2016 (edited)

Hi Tom,

Try running a 'Clean Boot' and see if you still get these problems:

- Hold down the Windows key on your keyboard and press the R key.
- With the Run dialogue window open, type in msconfig and click the OK button. You should now be looking at the System Configuration window.
- Click on the Services tab. On the Services tab, you'll notice a long list of services available on your PC.
- First, check the box labeled Hide All Microsoft Services. <<<<<<<<<<< Important
- Next, click the Disable All button.

By performing these two steps, you have effectively turned off all services from third-party software developers. All Microsoft services remain intact and will be ready to load when you reboot Windows.

- Finally, click the OK button and reboot the system.

When you reboot, you may get messages that certain hardware and software are not available. This is normal. Just be sure to hide all Microsoft services before you use the Disable All button. Otherwise, you may encounter boot up errors when you reboot your PC.

Remember, running Windows like this is just temporary. Run your system for a while and see if the problems still occur. This will help us to rule out any software conflict.

To restore Windows to normal startup functionality:

- Start the System Configuration Utility again (MSCONFIG).
- On the "General" tab, click to select "Normal Startup".
- Click "OK".
- Choose the "Exit with Restart" option to restart your computer.

Edited July 26, 2016 by Starbuck
tomj25 (Author), Posted July 27, 2016

Hi Starbuck, been running it on the start up as you said but it has made no difference. Am I looking at a laptop on the way out then?

Tom
Starbuck (ExTS Admin), Posted July 27, 2016

Hi Tom,

> been running it on the start up as you said but it has made no difference

At least we now know the problem isn't down to a software conflict.

> am I looking at a laptop on the way out then

One thing we should check is the running temps. If the fan is always spinning it could well be because of an overheating problem. Checking this is quite easy.

- Download Speccy and save it to your desktop.
- Double click the downloaded icon to run the installer. Vista, Win7/8/10 users right click and select 'Run as Administrator'.
- Follow the onscreen prompts... but do NOT allow it to add Google Chrome or CCleaner if asked.
- Make sure that 'Run Speccy' is ticked at the end and click Finish.
- Your system will now be analyzed and the information will appear in the Speccy window once complete.
- On the main window you will see the operating temperatures.

http://img.photobucket.com/albums/v708/starbuck50/spec_zps9ygb2gug.png

Record the temps just after you boot up the system and then record them a while later after the fans start to go mad. We can then compare the results and have a better idea.