Laptop very slow

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Removing M$ Spyware

Lets remove the GWX Folder and M$ Telemetry from your machine, those are basically M$ spyware and those also will slow your machine.

Get the Everything Search Engine
Install Program, Right Click Run As Admin. Type GWX into search window.
Then Click Edit.
Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard. >>>>> Paste content of clipboard, here in your next reply.

Now repeat the above process for the following words, one at a time.
[ICODE]Telemetry DiagTrack C:\Windows\System32\Tasks [/ICODE]
Remove these updates if present.

Also open add remove programs. View Installed Updates
Remove these from your machine.


KB 3035583
KB 2977759
KB 2976978
KB 2952664

Run USB Fix.
Download from here
Instructions here
Tutorial UsbFix : Search option
Tutorial UsbFix : Clean option
Post the log created after running the tool.

Disable Useless Items… Easy Service Optimizer

Download easy service optmizer, save it to your desktop and unzip it there. Right click it and run as admin, then select Tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.


https://i.imgur.com/tnkjYlk.png

You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, the edit service. Make sure it is automatic across the board, as per the picture.

https://i.imgur.com/PO7tPc7.png

Optional – Uninstall these programs below with Geek Uninstaller.

4K Video Downloader 3.5 (HKLM-x32...\4K Video Downloader_is1) (Version: 3.5.6.1730 - Open Media LLC)
Amazon Music (HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\Amazon Amazon Music) (Version: 3.10.0.924 - Amazon Services LLC)
Easy SpeedUp Manager (HKLM-x32...{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
ESET Online Scanner v3 (HKLM-x32...\ESET Online Scanner) (Version: - )
NetBalancer (HKLM...\NetBalancer_is1) (Version: - SeriousBit)
NetLimiter 4 (HKLM-x32...\NetLimiter 4 4.0.5.0) (Version: 4.0.5.0 - Locktime Software)
Samsung Update Plus (HKLM-x32...{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)


Reboot the machine.
Tell me how it is running.

GWX Search

Telemetry Search

C:\Windows\System32\Tasks

############################## | UsbFix V 9.026 | [Research]

User: Philipp (Administrator) # PHILIPP-PC
Updated 12/02/2017 by SOSVirus
Started at 04:21:47 | 14/02/2017

Website : https://www.usb-antivirus.com/
Tutorial : Nos Partenaires - SOSVirus
Support : https://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : Nos Partenaires - SOSVirus

################## | System information |

MB: SAMSUNG ELECTRONICS CO., LTD. (RF510/RF410/RF710)
CPU: Intel(R) Core™ i7 CPU Q 720 @ 1.60GHz
RAM → [Total : 6076 Mo | Free : 3281 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 9.00.8112.16421
WB: Google Chrome : 56.0.2924.87

################## | Security Information |

AV: avast! Antivirus [B Disabled[/B] |Updated]
AS: Windows Defender [B Disabled[/B] |B Outdated[/B]]
AS: avast! Antivirus [B Disabled[/B] |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) → Fixed disk # 233 Gb (53 Gb free - 23%) # NTFS
F:\ → Fixed disk # 231 Gb (53 Gb free - 23%) # NTFS
G:\ → Fixed disk # 100 Mb (70 Mb free - 70%) [SYSTEM] # NTFS
H:\ → Fixed disk # 344 Gb (106 Gb free - 31%) # NTFS

################## | Startup |

F2 - HKLM..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM..\Winlogon : [Shell] explorer.exe
F2 - HKLM..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU..\Run : [Spotify] “C:\Users\Philipp\AppData\Roaming\Spotify\Spotify. exe” -autostart -minimized
04 - HKCU..\Run : [CCleaner] “C:\Program Files\CCleaner\CCleaner64.exe” /AUTO
04 - HKCU..\Run : [Spotify Web Helper] “C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyW ebHelper.exe”
04 - HKLM..\Run : [AvastUI.exe] “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000..\Run : [Spotify] “C:\Users\Philipp\AppData\Roaming\Spotify\Spotify. exe” -autostart -minimized
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000..\Run : [CCleaner] “C:\Program Files\CCleaner\CCleaner64.exe” /AUTO
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000..\Run : [Spotify Web Helper] “C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyW ebHelper.exe”
04 - HKU\S-1-5-19..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Analysed in 8.844 seconds

################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/ |

############################## | UsbFix V 9.026 | [Clean]

User: Philipp (Administrator) # PHILIPP-PC
Updated 12/02/2017 by SOSVirus
Started at 04:22:25 | 14/02/2017

Website : https://www.usb-antivirus.com/
Tutorial : Nos Partenaires - SOSVirus
Support : https://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : Nos Partenaires - SOSVirus

################## | System information |

MB: SAMSUNG ELECTRONICS CO., LTD. (RF510/RF410/RF710)
CPU: Intel(R) Core™ i7 CPU Q 720 @ 1.60GHz
RAM → [Total : 6076 Mo | Free : 3281 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 9.00.8112.16421
WB: Google Chrome : 56.0.2924.87

################## | Security Information |

AV: avast! Antivirus [B Disabled[/B] |Updated]
AS: Windows Defender [B Disabled[/B] |B Outdated[/B]]
AS: avast! Antivirus [B Disabled[/B] |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) → Fixed disk # 233 Gb (53 Gb free - 23%) # NTFS
F:\ → Fixed disk # 231 Gb (53 Gb free - 23%) # NTFS
G:\ → Fixed disk # 100 Mb (70 Mb free - 70%) [SYSTEM] # NTFS
H:\ → Fixed disk # 344 Gb (106 Gb free - 31%) # NTFS

################## | Generic Research |

################## | Startup |

F2 - HKLM..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM..\Winlogon : [Shell] explorer.exe
F2 - HKLM..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU..\Run : [Spotify] “C:\Users\Philipp\AppData\Roaming\Spotify\Spotify. exe” -autostart -minimized
04 - HKCU..\Run : [CCleaner] “C:\Program Files\CCleaner\CCleaner64.exe” /AUTO
04 - HKCU..\Run : [Spotify Web Helper] “C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyW ebHelper.exe”
04 - HKLM..\Run : [AvastUI.exe] “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000..\Run : [Spotify] “C:\Users\Philipp\AppData\Roaming\Spotify\Spotify. exe” -autostart -minimized
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000..\Run : [CCleaner] “C:\Program Files\CCleaner\CCleaner64.exe” /AUTO
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000..\Run : [Spotify Web Helper] “C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyW ebHelper.exe”
04 - HKU\S-1-5-19..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[01/02/2017 - 01:36:19 | A | 1 Ko] - C:\DelFix.txt
[13/02/2017 - 20:08:39 | ASH | 4666680 Ko] - C:\hiberfil.sys
[13/02/2017 - 20:08:41 | ASH | 6222244 Ko] - C:\pagefile.sys
[27/08/2013 - 16:35:30 | A | 0 Ko] - C:\search.sqlite
[02/09/2013 - 12:08:00 | D] - C:\Microsoft.NET
[09/02/2017 - 14:16:35 | D] - C:\Config.Msi
[16/06/2014 - 15:07:45 | A | 0 Ko] - C:\AVScanner.ini
[09/04/2014 - 14:13:00 | A | 478 Ko] - C:\SecurityScanner.dll
[11/02/2017 - 06:21:19 | N | 3 Ko] - C:\bootsqm.dat
[09/02/2017 - 03:02:17 | SHD] - C:$Recycle.Bin
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[18/08/2013 - 15:36:21 | D] - C:\Dokumente und Einstellungen
[18/08/2013 - 15:36:21 | D] - C:\Programme
[18/08/2013 - 15:36:21 | SHD] - C:\Recovery
[27/08/2013 - 16:39:49 | D] - C:\NvidiaLogging
[02/09/2013 - 11:43:59 | D] - C:\MSBuild
[08/01/2014 - 18:52:40 | D] - C:\Users
[19/01/2015 - 16:07:32 | RHD] - C:\MSOCache
[26/06/2015 - 18:27:20 | D] - C:\DEGENER
[29/10/2016 - 19:05:54 | N | 0 Ko] - C:\asc_rdflag
[07/02/2017 - 02:55:18 | D] - C:\QuickDiag
[11/02/2017 - 05:31:08 | RD] - C:\Program Files (x86)
[11/02/2017 - 05:31:08 | HD] - C:\ProgramData
[14/02/2017 - 04:08:19 | D] - C:\Program Files
[14/02/2017 - 04:08:21 | D] - C:\Windows
[14/02/2017 - 04:18:46 | D] - C:\UsbFix
[14/02/2017 - 04:22:29 | D] - C:\FRST

################## | F:\ - Fixed drive (NTFS) |

[07/10/2014 - 16:48:19 | A | 52 Ko] - F:\bluetoothview166.zip
[31/03/2013 - 11:40:38 | A | 0 Ko] - F:\AILog.txt
[08/08/2013 - 20:34:32 | ASH | 6222244 Ko] - F:\hiberfil.sys
[04/12/2012 - 21:17:45 | A | 0 Ko] - F:\setup.log
[23/12/2011 - 10:35:37 | A | 0 Ko] - F:\user.js
[09/02/2017 - 03:02:17 | SHD] - F:$Recycle.Bin
[14/07/2009 - 04:20:08 | D] - F:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - F:\Documents and Settings
[23/10/2010 - 03:50:42 | D] - F:\Intel
[24/07/2011 - 10:56:15 | SHD] - F:\Recovery
[24/09/2011 - 23:38:54 | D] - F:\sysupdate
[06/10/2011 - 18:48:00 | RHD] - F:\MSOCache
[20/10/2012 - 09:43:57 | D] - F:\VritualRoot
[03/11/2012 - 17:45:09 | D] - F:\NVIDIA
[03/11/2012 - 17:50:27 | D] - F:\temp
[17/05/2013 - 16:06:57 | D] - F:\Output
[25/05/2013 - 22:58:28 | RD] - F:\Users
[01/06/2013 - 20:11:38 | HD] - F:\ProgramData
[06/08/2013 - 22:05:03 | D] - F:\Windows
[02/09/2013 - 12:13:50 | RD] - F:\Program Files
[02/11/2013 - 16:04:39 | D] - F:\Advanced SystemCare 6
[19/01/2014 - 12:34:06 | D] - F:\Fraps
[18/04/2015 - 15:29:27 | D] - F:\10250f3a22f82721ca
[24/05/2015 - 15:46:14 | D] - F:\DIE SIEDLER - Das Erbe der Könige - Gold Edition
[30/05/2015 - 23:21:11 | D] - F:\XviD
[10/06/2015 - 13:02:28 | D] - F:\4K Video
[10/06/2015 - 13:46:19 | D] - F:\4kvideodownloader
[29/08/2015 - 12:43:42 | D] - F:\Program Files (x86)
[28/01/2017 - 00:28:58 | D] - F:\Freemake
[28/01/2017 - 00:33:13 | D] - F:\mp4;mp3 converter, schneideprogramm

################## | G:\ - Fixed drive (NTFS) |

[09/02/2017 - 03:02:17 | SHD] - G:$RECYCLE.BIN
[20/11/2010 - 13:40:07 | RASH | 375 Ko] - G:\bootmgr
[29/07/2011 - 11:04:09 | SHD] - G:\BOOT

################## | H:\ - Fixed drive (NTFS) |

[01/07/2013 - 13:00:59 | A | 0 Ko] - H:\Lokaler Datenträger (C) - Verknüpfung.lnk
[01/12/2006 - 22:37:14 | A | 884 Ko] - H:\msdia80.dll
[25/07/2011 - 22:03:50 | RA | 1 Ko] - H:\MediaID.bin
[09/02/2017 - 03:02:17 | SHD] - H:$RECYCLE.BIN
[25/07/2011 - 22:21:21 | D] - H:\WindowsImageBackup
[26/07/2011 - 07:47:50 | D] - H:\be08cbf81b5496fa69b1799599ab75
[24/09/2011 - 23:38:54 | D] - H:\backup
[29/09/2011 - 14:59:10 | D] - H:\1d19b25478ebf73e7ede28d7cfc4
[13/01/2012 - 17:53:30 | D] - H:\Users
[03/04/2012 - 15:52:18 | D] - H:\Word
[14/10/2012 - 12:31:24 | D] - H:\Horror
[08/03/2013 - 23:11:32 | RD] - H:\PHILIPP-PC
[30/03/2013 - 00:29:33 | D] - H:\NVIDIA
[14/04/2013 - 19:40:14 | D] - H:\Steam
[18/08/2013 - 19:21:13 | D] - H:\641c8f59b6c1076160953ca76b
[18/01/2014 - 18:28:00 | D] - H:\Program Files
[07/04/2014 - 18:17:58 | D] - H:\FFOutput
[26/06/2014 - 15:45:59 | D] - H:\DrvInstall
[06/08/2015 - 21:08:12 | D] - H:\DiDi_DVD
[18/12/2016 - 21:39:09 | A | 0 Ko] - H:\end
[31/01/2017 - 22:07:19 | D] - H:\Program Files (x86)

Analysed in 15.46 seconds

################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/ |

I couldn’t delete the windows updates, when I go to the update history there is no button to delete the updates.

How does your machine run without the external HDD’s attached?

Scan these at virus total please.

H:\641c8f59b6c1076160953ca76b
H:\1d19b25478ebf73e7ede28d7cfc4
H:\be08cbf81b5496fa69b1799599ab75
F:\10250f3a22f82721ca

You need to double click the updates to un install them.

Also, I never got the following from you:

Shortcut.txt
FRST fixlog.txt
Everything search of diagtrack

Fix result of Farbar Recovery Scan Tool
fixlist content:

---

start
CloseProcesses:
createrestorepoint:
emptytemp:
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-09] (Google Inc.)
cmd: sc stop Hamachi2Svc
cmd: sc config “Hamachi2Svc” start= disabled
cmd: sc stop nlsvc
cmd: sc config “nlsvc” start= disabled
cmd: sc stop WinDefend
cmd: sc config “WinDefend” start= disabled
2017-02-09 14:03 - 2017-02-09 14:11 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A
2017-02-09 14:03 - 2017-02-09 14:11 - 00003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore
2017-01-28 01:38 - 2017-01-29 02:08 - 00016116 ____H C:\Users\Philipp\Desktop~WRL1563.tmp
2017-02-05 04:03 - 2015-04-04 15:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2017-02-03 01:05 - 2013-08-27 18:41 - 00000000 ____D C:\Users\Philipp\AppData\LocalLow\Temp
2017-02-02 18:48 - 2016-11-10 23:32 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-01-31 17:16 - 2016-11-10 23:33 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-01-28 18:56 - 2014-04-01 19:52 - 03706368 ___SH C:\Users\Philipp\Desktop\Thumbs.db
Task: {17A04F93-676E-4E99-B675-8B2DB981C33D} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask → No File <==== ATTENTION
Task: {28EF2A43-8120-46C3-9F99-EDC30F620B95} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgra deTime → No File <==== ATTENTION
Task: {368A74BB-1374-4137-84E3-B04331E2B02D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {6E3EEA2F-3B8E-43CC-B912-97B99F5EDEE4} - \Microsoft\Windows\Media Center\PvrScheduleTask → No File <==== ATTENTION
Task: {76CFC989-BCF3-4C97-8873-C3917A7D2C5D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgra deReminderTime → No File <==== ATTENTION
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo → No File <==== ATTENTION
Task: {84A4DE72-FAF7-4371-A0E4-CDB4EE46ECBF} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask → No File <==== ATTENTION
Task: {DEEDAE8C-2633-409C-BB39-696D01265C77} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask → No File <==== ATTENTION
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\101hotteens.com → 101hotteens.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\101lottery.com → 101lottery.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\123expressview.com → 123expressview.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\123found.com → 123found.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\123keno.com → 123keno.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\12don.info → 12don.info
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\143fuck.com → 143fuck.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\17gamo.com → 17gamo.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\17webplace.com → 17webplace.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\180solutions.com → 180solutions.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\1autocity.com → 1autocity.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\1ive.net → 1ive.net
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\1se.ru → 1se.ru
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\1sexparty.com → 1sexparty.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\1stfind.com → 1stfind.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\1stpagehere.com → 1stpagehere.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\1traff.us → 1traff.us
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\1ze.net → 1ze.net
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\2-antispyware.com → 2-antispyware.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\2004search.cc → 2004search.cc
StartBatch:
netsh advfirewall reset
netsh advfirewall set allprofiles state ON
ipconfig /flushdns
netsh winsock reset All
netsh int ip reset c:\resetlog.txt
ipconfig /release
ipconfig /renew
netsh int ipv4 reset
netsh int ipv6 reset
bitsadmin /reset /allusers
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface teredo set state disabled
netsh interface tcp set global autotuning=disabled
reg add hklm\system\currentcontrolset\services\tcpip6\para meters /v DisabledComponents /t REG_DWORD /d 0xFFFFFFFF
for /F “tokens=*” %%a in (‘wevtutil.exe el’) DO wevtutil.exe cl “%%a”
EndBatch:
emptytemp:
reboot:
end

---

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.

========= sc stop Hamachi2Svc =========

[SC] ControlService FEHLER 1062:

Der Dienst wurde nicht gestartet.

========= End of CMD: =========

========= sc config “Hamachi2Svc” start= disabled =========

[SC] ChangeServiceConfig ERFOLG

========= End of CMD: =========

========= sc stop nlsvc =========

[SC] ControlService FEHLER 1053:

Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

========= End of CMD: =========

========= sc config “nlsvc” start= disabled =========

[SC] ChangeServiceConfig ERFOLG

========= End of CMD: =========

========= sc stop WinDefend =========

SERVICE_NAME: WinDefend
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

========= End of CMD: =========

========= sc config “WinDefend” start= disabled =========

[SC] ChangeServiceConfig ERFOLG

========= End of CMD: =========

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore => moved successfully
C:\Users\Philipp\Desktop~WRL1563.tmp => moved successfully
C:\Windows\SysWOW64\GWX => moved successfully
C:\Users\Philipp\AppData\LocalLow\Temp => moved successfully
C:\Users\Public\Documents\temp.dat => moved successfully
C:\Users\Public\Documents\report.dat => moved successfully
C:\Users\Philipp\Desktop\Thumbs.db => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{17A04F9 3-676E-4E99-B675-8B2DB981C33D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{17A04F9 3-676E-4E99-B675-8B2DB981C33D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\MediaCenterRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{28EF2A4 3-8120-46C3-9F99-EDC30F620B95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{28EF2A4 3-8120-46C3-9F99-EDC30F620B95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{368A74B B-1374-4137-84E3-B04331E2B02D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{368A74B B-1374-4137-84E3-B04331E2B02D} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{6E3EEA2 F-3B8E-43CC-B912-97B99F5EDEE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6E3EEA2 F-3B8E-43CC-B912-97B99F5EDEE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PvrScheduleTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{76CFC98 9-BCF3-4C97-8873-C3917A7D2C5D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{76CFC98 9-BCF3-4C97-8873-C3917A7D2C5D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\ScheduleUpgradeReminde rTime => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{81540B9 F-B5BF-47EB-9C95-BE195BF2C664} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{81540B9 F-B5BF-47EB-9C95-BE195BF2C664} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\NetTrace\GatherNetworkInfo => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{84A4DE7 2-FAF7-4371-A0E4-CDB4EE46ECBF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{84A4DE7 2-FAF7-4371-A0E4-CDB4EE46ECBF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ObjectStoreRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DEEDAE8 C-2633-409C-BB39-696D01265C77} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DEEDAE8 C-2633-409C-BB39-696D01265C77} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\SqlLiteRecoveryTask => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\101hotteens.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\101lottery.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\123expressview.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\123found.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\123keno.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\12don.info => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\143fuck.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\17gamo.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\17webplace.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\180solutions.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\1autocity.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\1ive.net => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\1se.ru => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\1sexparty.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\1stfind.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\1stpagehere.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\1traff.us => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\1ze.net => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\2-antispyware.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\2004search.cc => key removed successfully

========= Batch: =========
OK.

OK.

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.

Schnittstelle wird zurckgesetzt, OK!
Starten Sie den Computer neu, um die Aktion abzuschlieáen.

Windows-IP-Konfiguration

Es kann kein Vorgang auf Drahtlosnetzwerkverbindung 2 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter LAN-Verbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Ethernet-Adapter Hamachi:

Verbindungsspezifisches DNS-Suffix: www.youtube.de
IPv6-Adresse. . . . . . . . . . . : 2620:9b::191e:9649
Verbindungslokale IPv6-Adresse . : fe80::499e:3325:fea6:3498%21
Standardgateway . . . . . . . . . : 2620:9b::1900:1

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

Verbindungsspezifisches DNS-Suffix:
Verbindungslokale IPv6-Adresse . : fe80::a597:d9e3:f83e:e196%15
Standardgateway . . . . . . . . . :

Windows-IP-Konfiguration

Es kann kein Vorgang auf LAN-Verbindung ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf Drahtlosnetzwerkverbindung 2 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter LAN-Verbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Ethernet-Adapter Hamachi:

Verbindungsspezifisches DNS-Suffix: www.youtube.de
IPv6-Adresse. . . . . . . . . . . : 2620:9b::191e:9649
Verbindungslokale IPv6-Adresse . : fe80::499e:3325:fea6:3498%21
IPv4-Adresse . . . . . . . . . . : 25.30.150.73
Subnetzmaske . . . . . . . . . . : 255.0.0.0
Standardgateway . . . . . . . . . : 2620:9b::1900:1

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

Verbindungsspezifisches DNS-Suffix:
Verbindungslokale IPv6-Adresse . : fe80::a597:d9e3:f83e:e196%15
IPv4-Adresse . . . . . . . . . . : 192.168.0.101
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : 192.168.0.1
Schnittstelle wird zurckgesetzt, OK!
Starten Sie den Computer neu, um die Aktion abzuschlieáen.

Unicastadresse wird zurckgesetzt, OK!
Route wird zurckgesetzt, OK!
Starten Sie den Computer neu, um die Aktion abzuschlieáen.

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {B2628311-CDD8-4FF1-86E9-3EF1BAAC3928}.
0 out of 1 jobs canceled.
Der Vorgang wurde erfolgreich beendet.

Der Vorgang wurde erfolgreich beendet.

Ein an das System angeschlossenes Ger„t funktioniert nicht.

OK.

OK.

OK.

Der Wert DisabledComponents ist vorhanden. šberschreiben (J/N)?
========= End of Batch: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3997682 B
Java, Flash, Steam htmlcache => 142270272 B

When I try to doubleclick the updates it just gives me details and information on it

Where can I locate the diagtrack of everything search? Also what is virus total and how do I scan there? Sorry for all these questions, I’m not very experienced in dealing with programmes

Where is the shortcut.txt also how does the machine perform without the external hardware attached?
Download and install the Everything Search Engine
Right Click Run As Admin. Type or Copy Paste Diagtrack or Diag Track into search window.
Then Click Edit. >>>Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard.
Paste content of clipboard, here in your next reply.
Upload File(s) to VirusTotal

H:\641c8f59b6c1076160953ca76b
H:\1d19b25478ebf73e7ede28d7cfc4
H:\be08cbf81b5496fa69b1799599ab75
F:\10250f3a22f82721ca


[ul]
[li]Please go to VirusTotal.[/li][li]Click the Choose File button.[/li][li]Navigate to >>>>>>>> F:\10250f3a22f82721ca[/li][li]or simply copy and paste it. [/li]
[li] [/li]https://pchelpforum.net/attachments/...8-22-png.1460/

[li]Click the Scan it! button.[/li][li]You might see a message saying File already analysed, if you do click Reanalyse.[/li][li]Wait for all the scans to finish then copy and paste the web address from your broswer’s address bar.[/li]Example of web address : https://pchelpforum.net/proxy.php?image=http%3A%2F%2Fi526.photobucket.com% 2Falbums%2Fcc345%2FMPKwings%2FVirusTotalresultslin k.jpg&hash=8983225971e2df621a6aa54e43249993

[li]Include the link in your next reply.[/li][/ul]

DiagTrack Scan

Should I scan every single file? There are 34 files for H:\641c8f59b6c1076160953ca76b alone
and I can’t select them all at once. Also which program produced the shortcut.txt? The machine is performing better than before!