
App Data Files Keep Appearing! Computer is Slow


5 replies to this topic

#1 angry@computers


Posted 24 May 2017 - 03:16 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64 
Ran by laptop (Administrator) on 24/05/2017 at  9:01:07.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\Users\laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4S3PKM4W (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDBP6ZEL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5H9WG44 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP0AKTM9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4S3PKM4W (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDBP6ZEL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5H9WG44 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP0AKTM9 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/05/2017 at  9:03:47.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



 


#2 angry@computers


Posted 24 May 2017 - 03:20 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by laptop (administrator) on LAPTOP-PC (24-05-2017 09:17:28)
Running from C:\Users\laptop\Desktop
Loaded Profiles: laptop (Available Profiles: laptop)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-14] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1284569799-4081718299-317326855-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2C622BB7-9E72-41AE-BB93-F7F7C39EFF4E}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1284569799-4081718299-317326855-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1284569799-4081718299-317326855-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-05] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1284569799-4081718299-317326855-1000: @citrixonline.com/appdetectorplugin -> C:\Users\laptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-29] (Citrix Online)
 
Chrome: 
=======
CHR Profile: C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default [2017-05-24]
CHR Extension: (Google Drive) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-27]
CHR Extension: (YouTube) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-27]
CHR Extension: (Adblock Plus) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (uBlock Origin) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-14] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-14] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-14] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-14] (AVAST Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-24 09:17 - 2017-05-24 09:17 - 00008251 _____ C:\Users\laptop\Desktop\FRST.txt
2017-05-24 09:16 - 2017-05-24 09:16 - 02429952 _____ (Farbar) C:\Users\laptop\Desktop\FRST64.exe
2017-05-24 09:03 - 2017-05-24 09:03 - 00001871 _____ C:\Users\laptop\Desktop\JRT.txt
2017-05-24 08:58 - 2017-05-24 08:59 - 04110280 _____ C:\Users\laptop\Desktop\AdwCleaner.exe
2017-05-16 13:38 - 2017-05-16 13:38 - 07986864 _____ ( ) C:\Users\laptop\Downloads\AVG_Remover (1).exe
2017-05-14 13:40 - 2017-05-14 13:40 - 00000000 ____D C:\Users\laptop\AppData\Roaming\AVAST Software
2017-05-14 13:39 - 2017-05-23 12:02 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-14 13:39 - 2017-05-14 13:39 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-14 13:39 - 2017-05-14 13:39 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-14 13:39 - 2017-05-14 13:39 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-14 13:39 - 2017-05-14 13:39 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-14 13:39 - 2017-05-14 13:39 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-14 13:39 - 2017-05-14 13:39 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-14 13:39 - 2017-05-14 13:39 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-14 13:39 - 2017-05-14 13:39 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-14 13:39 - 2017-05-14 13:39 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-05-14 13:39 - 2017-05-14 13:39 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-05-14 13:39 - 2017-05-14 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-05-14 13:39 - 2017-05-14 13:39 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-14 13:39 - 2017-05-14 13:38 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-14 13:39 - 2017-05-14 13:38 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-14 13:39 - 2017-05-14 13:38 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-14 13:36 - 2017-05-14 13:36 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-14 13:36 - 2017-05-14 13:36 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-14 13:35 - 2017-05-14 13:36 - 06919904 _____ (AVAST Software) C:\Users\laptop\Downloads\avast_free_antivirus_setup_online.exe
2017-05-14 13:22 - 2017-05-14 13:22 - 00000039 _____ C:\Windows\SysWOW64\Stats.ini
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-24 09:17 - 2016-10-16 11:53 - 00000000 ____D C:\FRST
2017-05-24 09:17 - 2015-06-29 18:55 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1284569799-4081718299-317326855-1000.job
2017-05-24 09:02 - 2009-07-14 05:45 - 00022288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-24 09:02 - 2009-07-14 05:45 - 00022288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-24 09:00 - 2016-08-11 12:19 - 00000000 ____D C:\AdwCleaner
2017-05-24 08:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-24 08:50 - 2015-06-29 18:55 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1284569799-4081718299-317326855-1000.job
2017-05-21 20:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-05-21 15:07 - 2009-07-14 06:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-21 09:19 - 2015-12-17 21:06 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Skype
2017-05-21 09:19 - 2015-08-27 15:41 - 00000000 ____D C:\Users\laptop\AppData\Local\CrashDumps
2017-05-16 23:49 - 2015-02-05 22:32 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-16 23:10 - 2015-02-05 22:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-05-14 13:29 - 2015-10-30 21:17 - 00000000 ____D C:\ProgramData\Avg
2017-05-14 13:28 - 2015-10-30 21:16 - 00000000 ____D C:\Users\laptop\AppData\Local\AvgSetupLog
2017-05-14 13:24 - 2015-10-30 22:34 - 00000000 ____D C:\Users\laptop\AppData\Roaming\AVG
2017-05-09 21:44 - 2016-07-27 12:02 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-09 21:44 - 2016-07-27 12:02 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-09 10:19 - 2015-04-07 15:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-09 09:59 - 2015-10-30 22:30 - 00000000 ____D C:\ProgramData\MFAData
2017-05-09 09:59 - 2015-06-03 12:22 - 00000000 ____D C:\Users\laptop\AppData\Local\Avg
2017-05-07 19:02 - 2015-06-29 18:55 - 00003694 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1284569799-4081718299-317326855-1000
2017-05-07 19:02 - 2015-06-29 18:55 - 00003598 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1284569799-4081718299-317326855-1000
2017-05-06 10:15 - 2015-02-10 16:34 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-29 15:38 - 2016-07-27 12:00 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 15:38 - 2016-07-27 12:00 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-08-04 14:36 - 2015-08-04 14:36 - 0000268 ___RH () C:\Users\laptop\AppData\Roaming\Printers
2015-08-04 14:37 - 2015-08-04 14:37 - 0000268 ___RH () C:\Users\laptop\AppData\Roaming\PrintingModule
2015-08-04 14:36 - 2015-08-04 14:36 - 0000268 ___RH () C:\Users\laptop\AppData\Roaming\PrintsService
2015-08-04 15:16 - 2015-08-04 15:16 - 0000268 ___RH () C:\Users\laptop\AppData\Roaming\User Pictures
2015-08-04 15:16 - 2015-08-04 15:16 - 0000268 ___RH () C:\Users\laptop\AppData\Roaming\Utilities
2015-08-04 15:12 - 2017-03-28 12:04 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2015-08-04 15:16 - 2015-08-04 15:16 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
2015-08-04 14:37 - 2015-08-04 14:37 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2015-08-04 14:36 - 2015-08-04 14:50 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-08-04 14:36 - 2015-08-04 14:36 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-08-04 14:36 - 2015-08-04 14:36 - 0000268 ___RH () C:\ProgramData\Project Templates
2015-08-04 14:37 - 2015-08-04 14:37 - 0000268 ___RH () C:\ProgramData\Quartz Composer
2015-08-04 14:36 - 2015-08-04 14:36 - 0000268 ___RH () C:\ProgramData\Radio Sounds
2015-08-04 14:36 - 2015-08-04 14:36 - 0000012 ___RH () C:\ProgramData\Sampler Files
2015-08-04 14:37 - 2015-08-04 14:37 - 0000012 ___RH () C:\ProgramData\Sci-Fi
2015-08-04 14:36 - 2015-08-04 14:36 - 0000012 ___RH () C:\ProgramData\Screen Savers
2015-08-04 15:16 - 2015-08-04 15:16 - 0000268 ___RH () C:\ProgramData\WebServer
2015-08-04 15:16 - 2015-08-04 15:16 - 0000268 ___RH () C:\ProgramData\Widgets
 
Some files in TEMP:
====================
2017-05-20 17:15 - 2017-05-20 17:16 - 57906656 _____ (Skype Technologies S.A.) C:\Users\laptop\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-23 12:01
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by laptop (24-05-2017 09:18:07)
Running from C:\Users\laptop\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-02-01 14:56:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1284569799-4081718299-317326855-500 - Administrator - Disabled)
Guest (S-1-5-21-1284569799-4081718299-317326855-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1284569799-4081718299-317326855-1002 - Limited - Enabled)
laptop (S-1-5-21-1284569799-4081718299-317326855-1000 - Administrator - Enabled) => C:\Users\laptop
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.4.7 - NIKON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.5.0.6956 (HKU\S-1-5-21-1284569799-4081718299-317326855-1000\...\GoToMeeting) (Version: 8.5.0.6956 - CitrixOnline)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4927.1002 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1284569799-4081718299-317326855-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.3.0 - Nikon)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.3.0 - Nikon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1284569799-4081718299-317326855-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\laptop\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1284569799-4081718299-317326855-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\laptop\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1284569799-4081718299-317326855-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\laptop\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1284569799-4081718299-317326855-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\laptop\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1284569799-4081718299-317326855-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\laptop\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B94A903-A60C-4EAE-8E77-AE57CE32571D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-05-14] (AVAST Software)
Task: {1CEAA767-0860-4B11-AB40-2BDB768549F1} - System32\Tasks\G2MUploadTask-S-1-5-21-1284569799-4081718299-317326855-1000 => C:\Users\laptop\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe [2017-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {2251CC1A-A739-4925-8554-2259D3DFB831} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {3DB11AE0-FF5E-4E4C-A91A-F5FB87C74E7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-27] (Google Inc.)
Task: {5879F83E-A5DF-4B61-8602-2C0C860F0226} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks 
Task: {7FBEB1D4-ED25-482C-A55A-7C62C60499EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-27] (Google Inc.)
Task: {865374DD-F2F7-4809-B909-3C9990D7955D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-14] (AVAST Software)
Task: {D2BB9722-18B1-4097-A73D-337EF223DB89} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {E96F519A-7513-4BDD-8C0A-0765D237525D} - System32\Tasks\G2MUpdateTask-S-1-5-21-1284569799-4081718299-317326855-1000 => C:\Users\laptop\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe [2017-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EB648662-DD3F-431A-8079-CAFD0941052C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {FC57ABAF-DD8C-4C81-9667-C1CE666B5E5E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-03-14] (Microsoft Corporation)
Task: {FCF443BD-26C2-484A-90AF-D37252773540} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1284569799-4081718299-317326855-1000.job => C:\Users\laptop\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1284569799-4081718299-317326855-1000.job => C:\Users\laptop\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-23 18:18 - 2017-01-31 13:34 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-05 22:30 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-05-14 13:38 - 2017-05-14 13:38 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-14 13:38 - 2017-05-14 13:38 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-14 13:38 - 2017-05-14 13:38 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-24 08:52 - 2017-05-24 08:52 - 06085688 _____ () C:\Program Files\AVAST Software\Avast\defs\17052302\algo.dll
2017-05-14 13:38 - 2017-05-14 13:38 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-14 13:38 - 2017-05-14 13:38 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-14 13:38 - 2017-05-14 13:38 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-09-30 23:56 - 00000747 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1284569799-4081718299-317326855-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^Users^laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{577A799E-E93C-473E-A124-228C3A09294A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A87363D8-B83B-4383-B3EB-3D72F9CFFC97}] => (Allow) C:\Users\laptop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{806473AF-F799-4DD8-BAC2-0251C610BA09}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C05CC2A0-1155-45B2-A7B3-C4674558863D}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{5989D866-7897-48E7-B2FD-99C0471BDE82}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{A96FA27E-8A8E-45C3-B733-213A6A4F8FD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
26-04-2017 19:00:03 Scheduled Checkpoint
04-05-2017 15:19:01 Scheduled Checkpoint
06-05-2017 19:42:09 Removed AVG
06-05-2017 19:45:37 Removed AVG 2016
14-05-2017 18:16:28 Scheduled Checkpoint
22-05-2017 10:03:57 Scheduled Checkpoint
24-05-2017 09:01:11 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/24/2017 08:54:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/24/2017 08:52:45 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/23/2017 12:02:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/22/2017 09:26:41 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/21/2017 08:45:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2017 08:45:31 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2017 08:45:31 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2017 08:45:31 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/21/2017 08:45:31 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (05/21/2017 08:45:30 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (05/21/2017 08:45:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/21/2017 08:45:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (05/21/2017 08:45:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (05/21/2017 08:45:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/21/2017 08:45:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (05/20/2017 01:17:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (05/19/2017 02:51:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (05/18/2017 10:52:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/18/2017 10:52:22 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (05/16/2017 11:50:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 31%
Total physical RAM: 3892.55 MB
Available physical RAM: 2673.57 MB
Total Virtual: 7783.29 MB
Available Virtual: 6536.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:392.57 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FB508AE8)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 angry@computers


Posted 24 May 2017 - 03:21 AM

Any help would be much appreciated. Thanks in advance. 



#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:08:39 AM

Posted 27 May 2017 - 04:26 PM

hi,

Still need help? Usually only online once or twice per day so you may not get a response back from me until the following day. Do you see three folders in AppData: Local, LocalLow and Roaming? Not sure what you are seeing but these folders can be populated with files and more folders.

How Can I Reduce My Risk to Malware?


#5 angry@computers


Posted 29 May 2017 - 03:55 AM

Hi,

Yes, I have those folders.



#6 shelf life


Posted 31 May 2017 - 05:32 PM

Ok, it's normal to have more folders and files within those folders. Log looks ok, don't see anything that looks like malware and you have run JRT and adwcleaner. Doesn't appear to be malware related anyway, the running slow problem I mean.
