Laptop very slow

**siq** · 02-05-2017, 03:02 AM

ClearLNK by Alex Dragokas ver. 2.9.0.11

OS: x64 Windows 7 Home Premium, 6.1.7601, Service Pack: 1
Time: 05.02.2017 - 04:02
Language: OS: de-DE (0x407). Display: de-DE (0x407). Non-Unicode: de-DE (0x407)
Elevated: Yes
User: Philipp (group: Administrator)

_____________________________ Logbeginn ______________________________
.
[ OK ] 2 “C:\Users\Public\Desktop\Google Chrome.lnk” → [ “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” ] (Methode R3-A2) (ОК)
[ OK ] 3 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk” → [ “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” ] (Methode R3-A2) (ОК)
[ OK ] 5 “C:\Users\Philipp\AppData\Roaming\Microsoft\Intern et Explorer\Quick Launch\Google Chrome.lnk” → [ “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” ] (Methode R3-A2) (ОК)
.
[DEL ] 1 “C:\Users\Philipp\Desktop\Ph\VERKNP~1\MOZILL~1.LNK ” (Ziel ist nicht wiederhergestellt)
[DEL ] 4 “C:\Users\Philipp\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Start Tor Browser.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 6 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2\Metin2.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 7 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye\Uninstall BattlEye.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 8 “C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\DI ESIE~1\IMINTE~1.LNK” (Ziel ist nicht wiederhergestellt)
[DEL ] 9 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 10 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Fehlermelder.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 11 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View License.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 12 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\SWTOR Customer Support.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 13 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View Readme.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 14 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks\Oblivion\Oblivion.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 15 “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks\Oblivion\Readme.txt.lnk” (Ziel ist nicht wiederhergestellt)
[DEL ] 16 “C:\Users\Philipp\Desktop\Arda\ZPN Connect.lnk” (Ziel ist nicht wiederhergestellt)
.
_____________________________ Statistik ______________________________
Die Heilung wird ausgeführt: 1 mal pro Tag.

Insgesamt verarbeitet: 16

Geheilt: 3
Gelöscht: 13
____________________________ Berichtsende ____________________________CRC32: 9888CD83

**siq** · 02-05-2017, 03:19 AM

When I try to drag the AVZ fix it says that an error has occured. Am I supposed to unzip the file and then send it?

**Malnutrition** · 02-05-2017, 03:33 AM

You needed to copy and paste the fix into AVZ. If you can not get it to work then Skip the AVZ fix.

[MEDIA=imgur]ZqPlcW4[/MEDIA]

[MEDIA=imgur]xYuPFGA[/MEDIA]

**siq** · 02-05-2017, 03:42 PM

Oh, sorry I meant the file you get after you are done with the AVZ fix. I can’t post it on here, am I supposed to unzip it and then send it?

**Malnutrition** · 02-05-2017, 04:10 PM

No need, move onto the UVS step. Also, tell me how the machine is running.

**siq** · 02-06-2017, 12:40 AM

Sorry again, what I meant was the UVS step; I can’t put the file here…

**Malnutrition** · 02-06-2017, 04:57 AM

To send UVS logs…

Upload the file to Sendspace.com or Filedropper.com and send the link here in your next reply. Once you have uploaded the log and sent the link, please run a scan with Eset Online Scanner. As this log will take me a while to go over.

ESET Online Scanner

Important note: This scan may take an extended amount of time, make certain your machine does not go to sleep.

[ul]
[li]Click here to download the installer for ESET Online Scanner and save it to your Desktop.[/li][li]Disable all your antivirus and antimalware software [/li]
[li]Right click on esetsmartinstaller_enu.exe and select Run as Administrator.[/li][li]Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.[/li][li]Select Enable detection of potentially unwanted applications.[/li][li]Click Advanced Settings, then place a checkmark in the following:[/li]

[li]Remove found threats[/li][li]Scan archives[/li][li]Scan for potentially unsafe applications[/li][li]Enable Anti-Stealth technology[/li][/ul]
[li]Click Start to begin scanning.[/li][li]ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.[/li][li]When the scan is done, click List threats (only available if ESET Online Scanner found something).[/li][li]Click Export, then save the file to your desktop.[/li][li]Click Back, then Finish to exit ESET Online Scanner.[/li]

**siq** · 02-06-2017, 05:05 PM

https://fs11u.sendspace.com/upload?SPEED_LIMIT=0&MAX_FILE_SIZE=314572800&UPLOAD_IDENTIFIER=1389103950.1486394607.D5CEBA2B.25.0&DESTINATION_DIR=7

**Malnutrition** · 02-06-2017, 07:20 PM

That link is dead. Just go ahead and run the Eset Scan.

**Malnutrition** · 02-06-2017, 08:13 PM

You sent me the link in the picture below correct? If so then use, Filedropper or try again.

[MEDIA=imgur]fcOswpK[/MEDIA]

If this does not work, then use QuickDiag. If you can not copy and paste the log, break it into two post or attach it to the forum.

Quick Diag Scan.

Download Quick Diag to your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Extended Scan.
Post the log that is generated in your next post.

**siq** · 02-06-2017, 09:54 PM

Eset Scan Log.

UVS Log here.

F:\Documents and Settings\Philipp\AppData\Local\Cuppat\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijk igpfjh.crx JS/Lightning.A potentially unwanted application
F:\Documents and Settings\Philipp\AppData\Roaming\ZHP\Quarantine\Bl end\14.0\1033\ResourceCacher.dll a variant of Win32/Obfuscated.NKY trojan
F:\Documents and Settings\Philipp\Downloads\advanced-systemcare-setup.exe a variant of Win32/OpenCandy.A potentially unsafe application
F:\Documents and Settings\Philipp\Downloads\ccsetup526.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\Documents and Settings\Philipp\Downloads\geek_CB-DL-Manager.exe a variant of Win32/DownloadGuide.D potentially unwanted application
F:\Documents and Settings\Philipp\Downloads\HSS-3.42-install-hss-691-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
F:\Documents and Settings\Philipp\Downloads\Wirelesskeyview_168\wir elesskeyview-x64\WirelessKeyView.exe a variant of Win64/WirelessKeyView.B potentially unsafe application
C:\FRST\Quarantine\C\Users\Philipp\AppData\Local\G oogle\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijk igpfjh.crx.xBAD JS/Lightning.A potentially unwanted application deleted
C:\FRST\Quarantine\C\Users\Philipp\AppData\Roaming \Mozilla\Firefox\Profiles\q87ndktt.default\Extensi ons\arthurj8283@gmail.com\chrome\content\toolbar.js Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting
C:\Users\Philipp\AppData\Local\Cuppat\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijk igpfjh.crx JS/Lightning.A potentially unwanted application deleted
C:\Users\Philipp\AppData\Roaming\ZHP\Quarantine\Bl end\14.0\1033\ResourceCacher.dll a variant of Win32/Obfuscated.NKY trojan cleaned by deleting
C:\Users\Philipp\Downloads\advanced-systemcare-setup.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Philipp\Downloads\ccsetup526.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Philipp\Downloads\geek_CB-DL-Manager.exe a variant of Win32/DownloadGuide.D potentially unwanted application cleaned by deleting
C:\Users\Philipp\Downloads\HSS-3.42-install-hss-691-conduit.exe Win32/Toolbar.Conduit potentially unwanted application cleaned by deleting
C:\Users\Philipp\Downloads\Wirelesskeyview_168\wir elesskeyview-x64\WirelessKeyView.exe a variant of Win64/WirelessKeyView.B potentially unsafe application cleaned by deleting
C:\Windows\Installer\55f26.msi a variant of Win32/Adware.ELEX.EL application deleted
F:\Program Files\EAM Standard\IMonitorMng.exe Win32/Monitor.EmployeeActMon potentially unsafe application cleaned by deleting
F:\Program Files\EAM Standard\IMonitorSrv.exe Win32/Monitor.EmployeeActMon potentially unsafe application cleaned by deleting
F:\Program Files\EAM Standard\IMonLogCmd.exe Win32/Monitor.EmployeeActMon potentially unsafe application cleaned by deleting
F:\Program Files (x86)\Application Updater\ApplicationUpdater.exe a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe a variant of Win64/Toolbar.Widgi.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wth155.dll a variant of Win32/Toolbar.Widgi.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wth156.dll a variant of Win32/Toolbar.Widgi.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wth157.dll Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wth159.dll Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wth160.dll Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wth161.dll a variant of Win32/Toolbar.Widgi.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wth162.dll a variant of Win32/Toolbar.Widgi.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wth163.dll a variant of Win32/Toolbar.Widgi.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx155.dll Win64/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx156.dll Win64/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx157.dll Win64/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx159.dll Win64/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx160.dll Win64/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx161.dll a variant of Win64/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx162.dll a variant of Win64/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx163.dll a variant of Win64/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Freecorder 6\tbcore3.dll a variant of Win32/Toolbar.Softomate.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Hotspot Shield\ConduitUninstaller.exe Win32/Toolbar.Conduit potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Hotspot Shield\Uninstall.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application cleaned by deleting
F:\Program Files (x86)\Hotspot_Shield\Hotspot_ShieldToolbarHelper.e xe Win32/Toolbar.Conduit.Q potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Hotspot_Shield\ldrtbHots.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll Win32/Toolbar.Conduit.O potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Hotspot_Shield\tbHots.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Hotspot_Shield\uninstall.exe a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting
F:\Program Files (x86)\IObit Apps Toolbar\WidgiHelper.exe a variant of Win32/Toolbar.Widgi.N potentially unwanted application cleaned by deleting
F:\Program Files (x86)\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\IObit Apps Toolbar\IE\7.3\iobitappsToolbarIE.dll a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\IObit Toolbar\WidgiHelper.exe a variant of Win32/Toolbar.Widgi.N potentially unwanted application cleaned by deleting
F:\Program Files (x86)\IObit Toolbar\FF\components\iobitToolbarFF.dll a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\IObit Toolbar\IE\7.3\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataM ngrHlp.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataM ngrHlpFF3.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataM ngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataM ngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataM ngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataM ngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite.AB potentially unwanted application cleaned by deleting
F:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\YTD Toolbar\WidgiHelper.exe a variant of Win32/Toolbar.Widgi.N potentially unwanted application cleaned by deleting
F:\Program Files (x86)\YTD Toolbar\FF\components\ytdToolbarFF.dll a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Program Files (x86)\YTD Toolbar\IE\7.3\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\ProgramData\IObit\ASCDownloader\IObit Malware Fighter.exe.bak a variant of Win32/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\ProgramData\IObit\ASCDownloader\Smart Defrag.exe.bak a variant of Win32/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Users\Philipp\AppData\Local\Babylon\Setup\BExte rnal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application cleaned by deleting
F:\Users\Philipp\AppData\Local\Babylon\Setup\IECoo kieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application cleaned by deleting
F:\Users\Philipp\AppData\Local\Babylon\Setup\Setup .exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application cleaned by deleting
F:\Users\Philipp\AppData\Local\Conduit\CT1561552\H otspot_ShieldAutoUpdateHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application cleaned by deleting
F:\Users\Philipp\AppData\LocalLow\Hotspot_Shield\l drtbHots.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
F:\Users\Philipp\AppData\LocalLow\Hotspot_Shield\t bHots.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
F:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\1h3ekou1.default\conduitCommon\modules\3.9 .0.3\SearchProtector.jsm Win32/Toolbar.Conduit.AT potentially unwanted application cleaned by deleting
F:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\1h3ekou1.default\extensions\staged{c95a4e8 e-816d-4655-8c79-d736da1adb6d}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting
F:\Users\Philipp\Documents\eam\EAM.exe Win32/GameTool.CM potentially unsafe application cleaned by deleting
F:\Users\Philipp\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\avira_free_antivirus_de 1200855.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
F:\Users\Philipp\Downloads\cbsidlm-cbsi109-Advanced_SystemCare-BP-10407614.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\DTLite4452-0287.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
F:\Users\Philipp\Downloads\DTLite4454-0314.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
F:\Users\Philipp\Downloads\EAMECEPSE (1).zip Win32/GameTool.CM potentially unsafe application deleted
F:\Users\Philipp\Downloads\EAMECEPSE.zip Win32/GameTool.CM potentially unsafe application deleted
F:\Users\Philipp\Downloads\freecorder6-setup.exe Win32/DownloadAdmin.G potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\FreeVideoDub.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\FreeYouTubeToMP3Convert er31012.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\gb31-setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\HSS-2.78-install-chip-389-conduit.exe Win32/Toolbar.Conduit potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\League_of_Legends_2_201 2.exe a variant of Win32/Toolbar.Widdit.A potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\m4a-to-mp3-converter_7.2.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application cleaned by deleting
F:\Users\Philipp\Downloads\rcpsetup_softonic_catse curity.exe a variant of Win32/Systweak.U potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\rcpsetup_softonic_new_d e_ros_new.exe a variant of Win32/Systweak.U potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\registrybooster.exe Win32/RegistryBooster potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\registryboosterplc.exe Win32/RegistryBooster potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\slow-pcfighter_Web.exe a variant of Win32/SlowPCfighter potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\SoftonicDownloader_fuer _keyfinder.exe Win32/SoftonicDownloader.E potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\SoftonicDownloader_fuer _sweet-home-3d.exe Win32/SoftonicDownloader.D potentially unwanted application cleaned by deleting
F:\Users\Philipp\Downloads\SopCast3.5.0.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
F:\Users\Philipp\Downloads\YTD3.9.4.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Windows\Installer\145009.msi a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
F:\Windows\Installer\74204.msi a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
F:\Windows\Installer\936da.msi a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
F:\Windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting
F:\Windows\Temp\IObitAppsToolbar.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Windows\Temp\IObitToolbar.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
F:\Windows\Temp\ytdToolbar.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application cleaned by deleting

**Malnutrition** · 02-07-2017, 02:14 AM

Universal Virus Sniffer Fix.

[ul]
[li]Create A Restore Point![/li][li]Close All Other Open Programs!![/li]
[li]Copy the content of the CodeBox below to your clipboard.[/li]
[li]Open the folder where you have UVS installed. [/li]
[li]Right Click On Start and Run as admin.[/li][li]Select Start Under The Current User.[/li][li]Then Select Script.[/li][li]Then Execute Script From ClipBoard.[/li][li]After your machine reboots.[/li][li]Open the folder where UVS is installed.[/li][li]You will find a file named similar to the one below. [/li]
[li]2017-02-06_21-00-34_log[/li][li]Open it and copy then entire content post it here.[/li][/ul]

[ICODE];uVS v3.87 [dsrt.dyndns.org] ;Target OS: NTv6.1 v385c delref %SystemDrive%\USERS\PHILIPP\APPDATA\ROAMING\MOZILL A\FIREFOX\PROFILES\Q87NDKTT.DEFAULT\EXTENSIONS\@UL TIMATESHOPPINGSEARCH.XPI delref %SystemDrive%\USERS\PHILIPP\APPDATA\LOCAL\GOOGLE\C HROME\USER DATA\DEFAULT\EXTENSIONS\FLLIILNDJEOHCHALPBBCDEKJKL BDGFKK\2.0.0_1\AVIRA BROWSERSCHUTZ delall %Sys32%\GWX\GWX.EXE delall %Sys32%\GWX\GWXUI.DLL delall %Sys32%\GWX\GWXUX.EXE delall %SystemDrive%\USERS\PHILIPP\DOWNLOADS\HSS-3.42-INSTALL-HSS-691-CONDUIT.EXE delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DEIIB DDCOHPJHAJBNFKPBOACMOHOMMPPP%26INSTALLSOURCE%3DOND EMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFABH KDEOPJKCPKMOFLIIMBJCKMOCFIOM%26INSTALLSOURCE%3DOND EMAND%26UC delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DFLLI ILNDJEOHCHALPBBCDEKJKLBDGFKK%26INSTALLSOURCE%3DOND EMAND%26UC delall F:\ADVANCED SYSTEMCARE 6\SECURITYHOLE_BACKUP\KB2836939.EXE delall %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\UNINSTALER_SKIPUAC.EXE delref {7AEFE841-DCA1-4A95-80CB-BE935D020400}\[CLSID] delref {1C492E6A-2803-5ED7-83E1-1B1D4D41EB39}\[CLSID] delref {8E5E2654-AD2D-48BF-AC2D-D17F00898D06}\[CLSID] delref {DC638EEA-2BA2-4459-9C46-85A2F0BE6040}\[CLSID] delref {4F622628-7632-4B28-B184-D7BA0CA3273B}\[CLSID] delref {94586423-855F-4EB2-9F6A-D9DA5658DBE3}\[CLSID] delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID] delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID] delref {F706E19B-6C14-4272-BA98-2F16636A898D}\[CLSID] delref {D27CDB6E-AE6D-11CF-96B8-444553540000}\[CLSID] delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID] delref {9638B7D6-11F5-4406-B387-327642A11FFB}\[CLSID] delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID] delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID] delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID] delref {68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}\[CLSID] delref {581C7D7D-F809-4E03-A631-74C069D5F04A}\[CLSID] delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID] delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID] delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID] delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID] delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID] delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID] delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID] delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID] delall %Sys32%\DRIVERS\LIRSGT.SYS delall %SystemDrive%\PROGRAM FILES (X86)\SYSTEMREQUIREMENTSLAB\CYRI\DETECTION.DLL delall %Sys32%\GATHERNETWORKINFO.VBS delall %Sys32%\DRIVERS\WINRING0_1_2_0.SYS deltmp restart [/ICODE]

**Malnutrition** · 02-07-2017, 02:33 AM

Full Virus Scan AVZ

Download AVZ if you have deleted it.
Right click on AVZ Run as Admin.
Update the program by pressing the [MEDIA=imgur]7M4aWtt[/MEDIA] button.
Make sure all settings are the same in the pic below.
[MEDIA=imgur]RRq8bFM[/MEDIA]

Next:
Under File Types Make sure the settings are the same as below.

[MEDIA=imgur]pifPiAF[/MEDIA]

Next:
Under Search Parameters Make sure the settings are the same as below.

[MEDIA=imgur]3J7dRcY[/MEDIA]

Now click the Start Button.

[MEDIA=imgur]9FH7a0c[/MEDIA]

When the scan is complete then click on Save Log.

http://i.imgur.com/7PyGiQq.png

Save the log to the desktop – Copy it and paste it here in your next reply.

9-Lab Removal Tool Malware Scan.

[ul]
[li]Download 9-Lab Removal Tool. [/li][li]CLICK HERE to determine whether you’re running 32-bit or 64-bit for Windows.[/li][li]Install the program onto your computer, then right click the icon run as administrator.[/li][li]Update the program and then run a Quick scan![/li][li]Make sure the program updates, might be better to install it update reboot and check for updates again.[/li][li]You need to make sure the database updates!!![/li][li]Upon Scan Completion Click on Show Results.[/li][li]Then Click On Clean[/li][li]Then Click on Save Log.[/li][li]Save it to your desktop, copy and paste the contents of the log here in your next reply.[/li][/ul]

**Malnutrition** · 02-08-2017, 09:44 PM

@siq How about an update for us please.

**siq** · 02-09-2017, 02:03 AM

UVS Scan Log.

2017.02.09 02:44
2017.02.09 01:44 (UTC)

[HEADING=1]SeDebug set
SeRestore set
SeBackup set
SeShutdown set
SeTakeOwnership set
SeLoadDriver set
SeManageVolume set
SeSecurity set
SeTcb set
SeImpersonate set
SeAssignPrimaryToken set
SeCreateTokenPrivilege set
SeIncreaseQuotaPrivilege set[/HEADING]
[HEADING=1]Virus Base: 0 signatures
Loaded criterions: 0[/HEADING]
[HEADING=1]uVS v3.87 [ http://dsrt.dyndns.org ]: Windows 7 Home Premium x64 (NT v6.1 SP1) build 7601 Service Pack 1 [C:\WINDOWS]
64-bit module activated
UAC: 1
Free physical memory 1299Mb of 6076Mb
Free space on system dirve: 51,2GB
Boot: Normal[/HEADING]
[HEADING=1]Internet Explorer v9.0.8112.16421[/HEADING]
[HEADING=1]Current user: Philipp-PC\Philipp
uVS user: Philipp-PC\Philipp
Connection #01: ZenMate
Computer name: PHILIPP-PC[/HEADING]
[HEADING=1]HOSTS:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
Total: 0[/HEADING]
[HEADING=1]Persistent routes:
Total: 0[/HEADING]
[HEADING=1]User registry found: 1
Analyzing processes and active modules…
Analyzing registry…
Building list of active drivers and system modules…
VBR NTFS [C:]: Unknown master boot code SHA1: 0B0C8F8072981EB82D4BE073BAF91B4E9713FD22
IPL NTFS [C:]: Unknown master boot code SHA1: 1822DD5ECD50527D15DA57881AEF4A2753079565
VBR NTFS [F:]: Unknown master boot code SHA1: A65563E3D994272197E22FC1C63418D61F3CBA08
IPL NTFS [F:]: Unknown master boot code SHA1: 1822DD5ECD50527D15DA57881AEF4A2753079565
VBR NTFS [G:]: Unknown master boot code SHA1: A65563E3D994272197E22FC1C63418D61F3CBA08
IPL NTFS [G:]: Unknown master boot code SHA1: 1822DD5ECD50527D15DA57881AEF4A2753079565
VBR NTFS [H:]: Unknown master boot code SHA1: 0B0C8F8072981EB82D4BE073BAF91B4E9713FD22
IPL NTFS [H:]: Unknown master boot code SHA1: 1822DD5ECD50527D15DA57881AEF4A2753079565
MBR#0 [232,9GB]: Unknown master boot code SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
MBR#1 [596,2GB]: Unknown master boot code SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5
Analyzing files…
File not found: C:\WINDOWS\SYSWOW64\COMPMGMTLAUNCHER.EXE
File not found: C:\WINDOWS\SYSTEM32\PSXSS.EXE
File not found: C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_DUMPATA.SYS
File not found: C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_MSAHCI.SYS
File not found: C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_DUMPFVE.SYS
Analysis complete.
Ready.
======= Begin =======[/HEADING]
[HEADING=1]v385c[/HEADING]

[HEADING=1]delref %SystemDrive%\USERS\PHILIPP\APPDATA\ROAMING\MOZILL A\FIREFOX\PROFILES\Q87NDKTT.DEFAULT\EXTENSIONS@ULTIMATESHOPPINGSEARCH.XPI[/HEADING]
[HEADING=1]Deleting all refs: C:\USERS\PHILIPP\APPDATA\ROAMING\MOZILLA\FIREFOX\P ROFILES\Q87NDKTT.DEFAULT\EXTENSIONS@ULTIMATESHOPPINGSEARCH.XPI
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref %SystemDrive%\USERS\PHILIPP\APPDATA\LOCAL\GOOGLE\C HROME\USER DATA\DEFAULT\EXTENSIONS\FLLIILNDJEOHCHALPBBCDEKJKL BDGFKK\2.0.0_1\AVIRA BROWSERSCHUTZ[/HEADING]
[HEADING=1]Deleting all refs: C:\USERS\PHILIPP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FLLIILNDJEOHCHALPBBCDEKJKL BDGFKK\2.0.0_1\AVIRA BROWSERSCHUTZ
Modified/deleted objects 0 of 0 | Deleted file(s): 136 of 136[/HEADING]
[HEADING=1]delall %Sys32%\GWX\GWX.EXE[/HEADING]
[HEADING=1]Deleting all refs and file: C:\WINDOWS\SYSTEM32\GWX\GWX.EXE
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Killing processes…
Service (re)start unlocked
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delall %Sys32%\GWX\GWXUI.DLL[/HEADING]
[HEADING=1]Deleting all refs and file: C:\WINDOWS\SYSTEM32\GWX\GWXUI.DLL
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Killing processes…
Service (re)start unlocked
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delall %Sys32%\GWX\GWXUX.EXE[/HEADING]
[HEADING=1]Deleting all refs and file: C:\WINDOWS\SYSTEM32\GWX\GWXUX.EXE
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Killing processes…
Service (re)start unlocked
Modified/deleted objects 0 of 0 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delall %SystemDrive%\USERS\PHILIPP\DOWNLOADS\HSS-3.42-INSTALL-HSS-691-CONDUIT.EXE[/HEADING]
[HEADING=1]Deleting all refs and file: C:\USERS\PHILIPP\DOWNLOADS\HSS-3.42-INSTALL-HSS-691-CONDUIT.EXE
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Killing processes…
Service (re)start unlocked
Modified/deleted objects 0 of 0 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref HTTPS://clients2.google.com/SERVICE/...CE=ONDEMAND&UC[/HEADING]
[HEADING=1]Deleting all refs: HTTPS://clients2.google.com/SERVICE/...CE=ONDEMAND&UC
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref HTTPS://clients2.google.com/SERVICE/...CE=ONDEMAND&UC[/HEADING]
[HEADING=1]Deleting all refs: HTTPS://clients2.google.com/SERVICE/...CE=ONDEMAND&UC
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref HTTPS://clients2.google.com/SERVICE/...CE=ONDEMAND&UC[/HEADING]
[HEADING=1]Deleting all refs: HTTPS://clients2.google.com/SERVICE/...CE=ONDEMAND&UC
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delall F:\ADVANCED SYSTEMCARE 6\SECURITYHOLE_BACKUP\KB2836939.EXE[/HEADING]
[HEADING=1]Deleting all refs and file: F:\ADVANCED SYSTEMCARE 6\SECURITYHOLE_BACKUP\KB2836939.EXE
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Killing processes…
Service (re)start unlocked
Modified/deleted objects 0 of 0 | Deleted file(s): 1 of 1[/HEADING]
[HEADING=1]delall %SystemDrive%\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\UNINSTALER_SKIPUAC.EXE[/HEADING]
[HEADING=1]Deleting all refs and file: C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\UNINSTALER_SKIPUAC.EXE
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Killing processes…
Service (re)start unlocked
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {7AEFE841-DCA1-4A95-80CB-BE935D020400}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {7AEFE841-DCA1-4A95-80CB-BE935D020400}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {1C492E6A-2803-5ED7-83E1-1B1D4D41EB39}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {1C492E6A-2803-5ED7-83E1-1B1D4D41EB39}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {8E5E2654-AD2D-48BF-AC2D-D17F00898D06}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {8E5E2654-AD2D-48BF-AC2D-D17F00898D06}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {DC638EEA-2BA2-4459-9C46-85A2F0BE6040}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {DC638EEA-2BA2-4459-9C46-85A2F0BE6040}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {4F622628-7632-4B28-B184-D7BA0CA3273B}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {4F622628-7632-4B28-B184-D7BA0CA3273B}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {94586423-855F-4EB2-9F6A-D9DA5658DBE3}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {94586423-855F-4EB2-9F6A-D9DA5658DBE3}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}[CLSID]
Modified/deleted objects 4 of 4 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}[CLSID]
Modified/deleted objects 4 of 4 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {F706E19B-6C14-4272-BA98-2F16636A898D}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {F706E19B-6C14-4272-BA98-2F16636A898D}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {D27CDB6E-AE6D-11CF-96B8-444553540000}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {D27CDB6E-AE6D-11CF-96B8-444553540000}[CLSID]
Modified/deleted objects 3 of 3 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {9638B7D6-11F5-4406-B387-327642A11FFB}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {9638B7D6-11F5-4406-B387-327642A11FFB}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {8AD9C840-044E-11D1-B3E9-00805F499D93}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {8AD9C840-044E-11D1-B3E9-00805F499D93}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {88D969C5-F192-11D4-A65F-0040963251E5}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {88D969C5-F192-11D4-A65F-0040963251E5}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {88D969C4-F192-11D4-A65F-0040963251E5}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {88D969C4-F192-11D4-A65F-0040963251E5}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {88D969C3-F192-11D4-A65F-0040963251E5}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {88D969C3-F192-11D4-A65F-0040963251E5}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {88D969C2-F192-11D4-A65F-0040963251E5}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {88D969C2-F192-11D4-A65F-0040963251E5}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {88D969C1-F192-11D4-A65F-0040963251E5}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {88D969C1-F192-11D4-A65F-0040963251E5}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {88D969C0-F192-11D4-A65F-0040963251E5}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {88D969C0-F192-11D4-A65F-0040963251E5}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {581C7D7D-F809-4E03-A631-74C069D5F04A}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {581C7D7D-F809-4E03-A631-74C069D5F04A}[CLSID]
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {4063BE15-3B08-470D-A0D5-B37161CFFD69}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {233C1507-6A77-46A4-9443-F871F945D258}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {233C1507-6A77-46A4-9443-F871F945D258}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {166B1BCA-3F9C-11CF-8075-444553540000}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {166B1BCA-3F9C-11CF-8075-444553540000}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[CLSID]
Modified/deleted objects 2 of 2 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {59116E30-02BD-4B84-BA1E-5D77E809B1A2}[CLSID]
Modified/deleted objects 0 of 0 | Deleted file(s): 1 of 1[/HEADING]
[HEADING=1]delref {CEF51277-5358-477B-858C-4E14F0C80BF7}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {CEF51277-5358-477B-858C-4E14F0C80BF7}[CLSID]
Modified/deleted objects 0 of 0 | Deleted file(s): 1 of 1[/HEADING]
[HEADING=1]delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {177AFECE-9599-46CF-90D7-68EC9EEB27B4}[CLSID]
Modified/deleted objects 0 of 0 | Deleted file(s): 1 of 1[/HEADING]
[HEADING=1]delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}[CLSID][/HEADING]
[HEADING=1]Deleting all refs: {23E5D772-327A-42F5-BDEE-C65C6796BB2A}[CLSID]
Modified/deleted objects 0 of 0 | Deleted file(s): 1 of 1[/HEADING]
[HEADING=1]delall %Sys32%\DRIVERS\LIRSGT.SYS[/HEADING]
[HEADING=1]Deleting all refs and file: C:\WINDOWS\SYSTEM32\DRIVERS\LIRSGT.SYS
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Unloaded driver: C:\WINDOWS\SYSTEM32\DRIVERS\LIRSGT.SYS
Killing processes…
Service (re)start unlocked
Modified/deleted objects 1 of 1 | Deleted file(s): 1 of 1[/HEADING]
[HEADING=1]delall %SystemDrive%\PROGRAM FILES (X86)\SYSTEMREQUIREMENTSLAB\CYRI\DETECTION.DLL[/HEADING]
[HEADING=1]Deleting all refs and file: C:\PROGRAM FILES (X86)\SYSTEMREQUIREMENTSLAB\CYRI\DETECTION.DLL
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Killing processes…
Service (re)start unlocked
Modified/deleted objects 1 of 1 | Deleted file(s): 1 of 1[/HEADING]
[HEADING=1]delall %Sys32%\GATHERNETWORKINFO.VBS[/HEADING]
[HEADING=1]Deleting all refs and file: C:\WINDOWS\SYSTEM32\GATHERNETWORKINFO.VBS
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Killing processes…
Service (re)start unlocked
Modified/deleted objects 0 of 0 | Deleted file(s): 2 of 2[/HEADING]
[HEADING=1]delall %Sys32%\DRIVERS\WINRING0_1_2_0.SYS[/HEADING]
[HEADING=1]Deleting all refs and file: C:\WINDOWS\SYSTEM32\DRIVERS\WINRING0_1_2_0.SYS
Service (re)start blocked
Analyzing processes and active modules…
Gathering additional inforamtion…
Stopping services and unloading drivers…
Unloaded driver: C:\WINDOWS\SYSTEM32\DRIVERS\WINRING0_1_2_0.SYS
Killing processes…
Service (re)start unlocked
Modified/deleted objects 1 of 1 | Deleted file(s): 0 of 0[/HEADING]
[HEADING=1]deltmp[/HEADING]
[HEADING=1]Remove all files of folder: C:$RECYCLE.BIN
Remove all files of folder: F:$RECYCLE.BIN
Remove all files of folder: G:$RECYCLE.BIN
Remove all files of folder: H:$RECYCLE.BIN
Removed files: 20061 of 20061
Remove all files of folder: C:\USERS\PHILIPP\APPDATA\LOCAL\TEMP
Remove all files of folder: C:\WINDOWS\TEMP
Remove all files of folder: C:\WINDOWS\MINIDUMP
Remove all files of folder: C:\WINDOWS\LIVEKERNELREPORTS\WATCHDOG
Remove all files of folder: C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LO CAL\TEMP
Remove all files of folder: C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTARCHIVE
Remove all files of folder: C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTQUEUE
Remove all files of folder: C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\EXPLORER
Remove all files of folder: C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\APPDATA\ LOCAL\TEMP
Remove all files of folder: C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTARCHIVE
Remove all files of folder: C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTQUEUE
Remove all files of folder: C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\EXPLORER
Remove all files of folder: C:\USERS\PHILIPP\APPDATA\LOCAL\MICROSOFT\WINDOWS\T EMPORARY INTERNET FILES
Remove all files of folder: C:\USERS\PHILIPP\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYM ENT\CACHE
Remove all files of folder: C:\USERS\PHILIPP\APPDATA\LOCALLOW\TEMP
Remove all files of folder: C:\USERS\PHILIPP\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTARCHIVE
Remove all files of folder: C:\USERS\PHILIPP\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTQUEUE
Remove all files of folder: C:\USERS\PHILIPP\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\EXPLORER
Remove all files of folder: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\L OCAL\TEMP
Remove all files of folder: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTARCHIVE
Remove all files of folder: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTQUEUE
Remove all files of folder: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\EXPLORER
Remove all files of folder: C:\USERS\UPDATUSUSER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTARCHIVE
Remove all files of folder: C:\USERS\UPDATUSUSER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTQUEUE
Remove all files of folder: C:\USERS\UPDATUSUSER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\EXPLORER
Remove all files of folder: C:\USERS\DEFAULT\APPDATA\LOCAL\TEMP
Remove all files of folder: C:\USERS\DEFAULT\APPDATA\LOCAL\MICROSOFT\WINDOWS\T EMPORARY INTERNET FILES
Remove all files of folder: C:\USERS\DEFAULT\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTARCHIVE
Remove all files of folder: C:\USERS\DEFAULT\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTQUEUE
Remove all files of folder: C:\USERS\DEFAULT\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\EXPLORER
Remove all files of folder: C:\PROGRAMDATA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTARCHIVE
Remove all files of folder: C:\PROGRAMDATA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\WER\REPORTQUEUE
Remove all files of folder: C:\PROGRAMDATA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\EXPLORER
Removed files: 74 of 87
Remove all executables of folder: C:\WINDOWS\FONTS
Remove all executables of folder: C:\USERS\PHILIPP\COOKIES
Remove all executables of folder: C:\USERS\DEFAULT\COOKIES
Removed files: 0 of 0
Cleaning complete[/HEADING]
[HEADING=1]restart[/HEADING]

Laptop very slow

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment