Win7 Startup

  • system
    PCHF Owner
    • Jan 2015
    • 7634

    #31
    Hi Roger, no problems about missing a day,

    Please close all other programs including Bitdefender again.
    Right click Hijack This and select Run as Administrator.
    This time click scan only.
    Place a tick in the boxes for the following lines only.

    O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files (x86)\SSAAD.exe
    O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (2013/05/20)
    O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup (2016/01/08) (file missing)
    O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe (2016/01/08) (file missing)
    O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Genie.lnk - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (2015/11/11) (file missing)
    O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Smart Wizard.lnk - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (2015/11/07) (file missing)
    O4 - MSConfig\startupfolder: C:^Users^Roger^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr (2013/07/06)
    O4 - MSConfig\startupreg: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (HKLM) (2014/12/17)
    O4 - MSConfig\startupreg: [AmazonMP3DownloaderHelper] C:\Users\Roger\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (file missing) (HKCU) (2014/04/13)
    O4 - MSConfig\startupreg: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (HKCU) (2014/10/15)
    O4 - MSConfig\startupreg: [Creative MediaSource Go] C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe /SCB (file missing) (HKCU) (2013/04/26)
    O4 - MSConfig\startupreg: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU “C:\Windows\TEMP\E_S73C9.tmp” /EF “HKCU” (HKCU) (2013/03/22)
    O4 - MSConfig\startupreg: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming (file missing) (HKLM) (2016/01/08)
    O4 - MSConfig\startupreg: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe /WinStart (HKLM) (2013/03/22)
    O4 - MSConfig\startupreg: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup (file missing) (HKLM) (2015/07/08)
    O4 - MSConfig\startupreg: [SPIRunE] C:\Windows\system32\Rundll32.exe SPIRunE.dll,RunDLLEntry (HKLM) (2013/03/22)
    O4 - MSConfig\startupreg: [SsAAD.exe] C:\Program Files (x86)\SSAAD.exe (HKCU) (2017/11/05)
    O4 - MSConfig\startupreg: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun (HKLM) (2015/07/08)
    O4 - MSConfig\startupreg: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (HKLM) (2017/11/09)
    O4 - MSConfig\startupreg: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot (file missing) (HKLM) (2014/06/28)
    O4 - MSConfig\startupreg: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (HKCU) (2017/05/06)
    O4 - MSConfig\startupreg: [UMonit] C:\Windows\SysWOW64\UMonit.exe (file missing) (HKLM) (2013/03/28)
    O4 - MSConfig\startupreg: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe /r (HKLM) (2013/03/22)
    O4 - MSConfig\startupreg: [WMAAD] C:\Program Files (x86)\Sony\WALKMAN Launcher\WMAAD.exe (HKLM) (2015/06/13)
    O4 - MSConfig\startupreg: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (HKLM) (2016/08/26)
    O4 - MSConfig\startupreg: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (HKLM) (2017/11/09)
    O4 - MSConfig\startupreg: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (HKCU) (2014/04/03)
    O22 - Task (Disabled): \OfficeSoftwareProtectionPlatform\SvcRestartTask - C:\Windows\system32\sc.exe start osppsvc
    O22 - Task (Queued): \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll
    O22 - Task (Queued): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance
    O22 - Task (Ready): CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
    O22 - Task (Ready): TechUtilities - C:\Program Files\TechUtilities\TechUtilities.exe -t (file missing)
    O22 - Task (Ready): \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\Windows\ehome\mcupdate.exe -crl -hms -pscn 15
    O22 - Task (Ready): {11DB5A80-6065-43E3-AB84-ACCADDB48547} - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (file missing)
    O22 - Task (Ready): {23DE1D3F-E2EA-4DD4-9A55-B635FE5C8A53} - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (file missing)
    O22 - Task (Ready): {3DA5C7CE-5087-4755-AA98-C4C2D7A237A9} - C:\Windows\system32\pcalua.exe -a “C:\Program Files (x86)\Creative\Sound Blaster X-Fi\AudioCS\CTAudCS.cpl” -c Audio Console
    O22 - Task (Ready): {A2031E4B-9A44-40B3-A13B-4C4B86F46FDD} - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (file missing)
    O22 - Task (Ready): {EAEF71F6-FF52-413A-8565-8720208BEE4E} - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (file missing)
    O22 - Task (Running): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe

    After all the above lines are ticked, click “Fix Checked”.
    Reboot your computer, and re-enable Bitdefender.

    Is your machine any better now?

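Added example (not part of the original thread): a small Python parser for the HijackThis O4 (autostart) and O22 (scheduled task) lines quoted in post #31. It separates entries reported as "(file missing)" from those still present and shows commands registered from more than one location. The sample lines are copied from that post; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass

# Sample lines copied from post #31 of this thread.
SAMPLE = r"""
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files (x86)\SSAAD.exe
O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Genie.lnk - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (2015/11/11) (file missing)
O4 - MSConfig\startupreg: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (HKCU) (2014/10/15)
O4 - MSConfig\startupreg: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup (file missing) (HKLM) (2015/07/08)
O4 - MSConfig\startupreg: [SsAAD.exe] C:\Program Files (x86)\SSAAD.exe (HKCU) (2017/11/05)
O22 - Task (Queued): \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll
O22 - Task (Ready): TechUtilities - C:\Program Files\TechUtilities\TechUtilities.exe -t (file missing)
O22 - Task (Ready): {11DB5A80-6065-43E3-AB84-ACCADDB48547} - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (file missing)
"""

_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Annotations HijackThis appends after the command, in any order.
_ANNOT = re.compile(r"\s*\((file missing|HKLM|HKCU|\d{4}/\d{2}/\d{2})\)\s*$")
_GUID_PREFIX = re.compile(r"^\{[0-9A-Fa-f-]{36}\} - (.*)$")

@dataclass
class Entry:
    section: str            # O4 or O22
    source: str             # e.g. "MSConfig\startupreg", "Task (Ready)"
    name: str
    command: str
    hive: str = ""
    date: str = ""
    file_missing: bool = False

def parse_line(line):
    m = _LINE.match(line.strip())
    if not m:
        return None
    section, source, rest = m.groups()
    hive, date, missing = "", "", False
    # Peel trailing "(...)" annotations off one at a time.
    while (a := _ANNOT.search(rest)):
        tag = a.group(1)
        if tag == "file missing":
            missing = True
        elif tag in ("HKLM", "HKCU"):
            hive = tag
        else:
            date = tag
        rest = rest[:a.start()]
    if rest.startswith("["):                 # "[ValueName] command"
        name, _, command = rest[1:].partition("] ")
    else:                                    # "name - command" (.lnk or task)
        name, _, command = rest.partition(" - ")
        g = _GUID_PREFIX.match(command)      # task lines may carry a GUID first
        if g:
            command = g.group(1)
    return Entry(section, source, name, command, hive, date, missing)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned(entries):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [e for e in entries if e.file_missing]

def repeated_commands(entries):
    """Commands registered from more than one autostart location."""
    seen = {}
    for e in entries:
        seen.setdefault(e.command.lower(), []).append(e.source)
    return {c: s for c, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE)):
        print(f"{e.section} {e.source}: {e.name} -> {e.command}")
```

Entries that are not marked missing, such as the `SSAAD.exe` value registered under both `HKCU..\Run` and `MSConfig\startupreg`, are the ones that still need a human decision before ticking them.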

    • roger_hawke
      PCHF Member
      • Nov 2016
      • 290

      #32
      Gus ,

      All done - thanks.
      Started up PC on five occasions during the day - average time was 51.6 seconds to desktop plus another 16.4 seconds to Internet access. (51.6 - 68)
      Great improvement on before (which was approx. 55 - 115+)
      Desktop arrival was roughly the same - great improvement on Internet access.

      Presumably all that is left to do is clean up desktop - please advise.

      For info the following was my fortnightly procedure:
      Windows Update (Manual)(Prefer to do manually - any opinion?)
      Superantispyware (now uninstalled)
      CCleaner
      Avira (Now replaced by Bitdefender)
      Malwarebytes Free
      Defraggler
      Create restore Point
      Diskcleanup/Cleanup system files/Delete all but last restore point.

      Does Bitdefender and CCleaner cater for Antivirus and Antimalware?

      Do I have things in the right order? Do I need anything else? Or anything less?

      Apologies for all the questions.


      • system
        PCHF Owner
        • Jan 2015
        • 7634

        #33
        Originally posted by roger hawke
        For info the following was my fortnightly procedure:
        Windows Update (Manual)(Prefer to do manually - any opinion?)
        Superantispyware (now uninstalled)
        CCleaner
        Avira (Now replaced by Bitdefender)
        Malwarebytes Free
        Defraggler
        Create restore Point
        Diskcleanup/Cleanup system files/Delete all but last restore point.

        Does Bitdefender and CCleaner cater for Antivirus and Antimalware?

        Do I have things in the right order? Do I need anything else? Or anything less?

        Apologies for all the questions.

        Hello Roger, glad that your PC performance has improved.

        Windows Update (Manual)(Prefer to do manually - any opinion?).. That is fine, update when it suits you.

        Superantispyware (now uninstalled) ..Good

        CCleaner.. just be careful with the registry

        Avira (Now replaced by Bitdefender)..Actually your system had AVG which was what we recommended to remove and replace with Bitdefender. Try Bitdefender, and as it has a great reputation for malware detection it should serve you well.

        Malwarebytes Free.. This is not listed as being installed on your PC. I did remove a remnant of what would have been an old install, but it is not listed in any of your logs.

        Defraggler.. fortnightly might be an overkill.

        Create restore Point.. Windows should automatically create restore points on a regular basis, but OK.

        Diskcleanup/Cleanup system files/Delete all but last restore point…Not quite necessary as often as you do, but no harm.

        Does Bitdefender and CCleaner cater for Antivirus and Antimalware? CCleaner does not remove malware. Bitdefender does, but after we clean our tools off your machine I will recommend a NON REALTIME malware Scanner to use for a second opinion that will not interfere with your realtime security. Remember that no security tool/suite will detect every case of a virus or malware, they will all miss something sometime. This does not mean you should install more than one real time protection app irrespective of what their ads say about working with other security programs.

        Your machine did not have any real malware to speak of, just a build up of junk. To remain safe continue to use care when browsing, and ensure anything you download is indeed coming from a reputable source.

        OK let’s cleanup our tools.

        Please go HERE and download Delfix. Save it to your desktop.
        Right click the new Delfix desktop icon and then click “run as administrator”
        Place a tick in the following checkboxes
        1. Remove disinfection tools
        2. Create registry backup
        3. Purge system restore
        4. Then select “Run”

        Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will also be located at C:\Delfix.txt.

        Please post a copy of this file in your next post.


        • roger_hawke
          PCHF Member
          • Nov 2016
          • 290

          #34
          Gus,
          Thanks for comments.
          My apologies, Avira should have read AVG (I copied from my fortnightly idiot’s guide without thinking).
          CCleaner - do you advise not to use Registry cleanup?
          BTW Gus, I still have Malwarebytes Free on my PC - keep it or uninstall it?

          Ran Delfix and after reboot what was left on desktop was a backups folder?
          I kept a copy of geek uninstaller for future use - is that OK?


          • roger_hawke
            PCHF Member
            • Nov 2016
            • 290

            #35
            Gus,
            Apologies forgot to upload file in my last post.
            At the moment I am unable to upload file.
            I will try later.


            • roger_hawke
              PCHF Member
              • Nov 2016
              • 290

              #36
              Gus,
              Managed to upload file - had to disable Bitdefender again to do it - then re-enable.


              • system
                PCHF Owner
                • Jan 2015
                • 7634

                #37
                Thank you for the log, Roger. Can you try uploading it again with a different browser?


                • roger_hawke
                  PCHF Member
                  • Nov 2016
                  • 290

                  #38
                  Gus,
                  File uploaded with Firefox - is this what you wanted? Looks the same?
                  Had to disable Bitdefender again.


                  • system
                    PCHF Owner
                    • Jan 2015
                    • 7634

                    #39
                    Hello Roger, are there any messages when Bitdefender blocks the upload, and has it only blocked Delfix? Sometimes security scan tools will do this to AVs. My bad, I should have asked you to copy and paste the contents.

                    Just to ensure nothing more is lurking can you get a ZHP log for us to check?

                    Please go HERE and click the link (French for Download) and save it to your desktop.

                    Once saved to your desktop left click the new icon and choose “Run as administrator”

                    Accept any security warnings that may pop up.

                    Then select
                    1. Options
                    2. Check all
                    3. Validate
                    4. Close

                    Next select Scanner from the main interface.

                    Depending on the amount of data on your PC it may take a little time to complete. Once it finishes then click the Report tab as shown above and a notepad file will open with your report file.

                    Please COPY and PASTE the contents of the notepad file with your next post


                    • roger_hawke
                      PCHF Member
                      • Nov 2016
                      • 290

                      #40
                      Gus,
                      There were no messages from Bitdefender when I tried to upload - all I did was disable it and that allowed me to upload the file.
                      The only message was on the PC Forum screen (see attached screenshot).
                      From memory I think it was Delfix and Hijack that there was a problem with.
                      Please also see attached ZHP Report.


                      • system
                        PCHF Owner
                        • Jan 2015
                        • 7634

                        #41
                        Hi Roger, my first grandson born today, please allow me a day extra to respond


                        • roger_hawke
                          PCHF Member
                          • Nov 2016
                          • 290

                          #42
                          No probs. Gus - Congratulations.


                          • system
                            PCHF Owner
                            • Jan 2015
                            • 7634

                            #43
                            Hello Roger, and thank you

                            Please go HERE and click the blue link (French for download) and save the file to your desktop.

                            Please note it is important to disable your antivirus before running this tool. If you are uncertain how to do this please ask.

                            Right click the desktop icon and choose “Run as Administrator”. You can safely ignore any security warnings when running this tool.

                            On the main interface select IMPORT

                            If a box appears similar to that below, click OK or just X out of it.

                            Copy the contents of the box below
                            Script Zhpfix
                            G2 - GCE: Preference [Roger][User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] http://www.google.com/ =>.Google Inc. {Hidden Chrome extensions}
                            O53 - SMSR:HKLM...\startupreg\Kernel and Hardware Abstraction Layer [Key] [64Bits] . (.Logitech, Inc. - Logitech KHAL Main Process.) – KHALMNPR.EXE (.not file.) =>.Logitech, Inc.
                            O53 - SMSR:HKLM...\startupreg\Raptr [Key] [64Bits] . (…) – C:\PROGRA~2\Raptr\raptrstub.exe (.not file.)
                            O38 - TASK: {0693356A-65C9-4DAD-870A-88FB5148FE6A} [64Bits][\Microsoft\Windows\Media Center\RecordingRestart] - (…) – C:\Windows\ehome\ehrec (.not file.) [0] (.Orphan.)
                            O38 - TASK: {6F6F15F0-98DC-4998-8E09-FFF194371AC6} [64Bits][\Microsoft\Windows\Media Center\mcupdate] - (…) – C:\Windows\ehome\mcupdate (.not file.) [0] (.Orphan.)
                            O38 - TASK: {D1D8DDF6-9D19-47C1-980C-1340DAEAABC7} [64Bits][\Microsoft\Windows\Media Center\StartRecording] - (…) – C:\Windows\ehome\ehrec (.not file.) [0] (.Orphan.)
                            O38 - TASK: {F29D109D-DBD8-425A-83B4-7DB78FBDEBB5} [64Bits][\TechUtilities] - (…) – C:\Program Files\TechUtilities\TechUtilities.exe (.not file.) [0] (.Orphan.)
                            O43 - CFD: 05/06/2015 - D – C:\Program Files (x86)\AddonLog
                            O108 - CMH1: EPPShellEx [64Bits] - {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78} . (.Orphan.)
                            O108 - CMH1: ImageConverter3 [64Bits] - {C6643EC0-49AC-4c15-A455-04104DB900A9} . (.Orphan.)
                            O108 - CMH1: ShellExtension [64Bits] - . (.Orphan.)
                            O108 - CMH1: _Movavivc11 [64Bits] - {1C604495-4D32-476e-8D7E-FBF50F6C80BF} . (.Orphan.)
                            O108 - CMH4: ImageConverter3 [64Bits] - {C6643EC0-49AC-4c15-A455-04104DB900A9} . (.Orphan.)
                            O108 - CMH4: ShellExtension [64Bits] - . (.Orphan.)
                            O108 - CMH5: ImageConverter3 [64Bits] - {C6643EC0-49AC-4c15-A455-04104DB900A9} . (.Orphan.)
                            O108 - CMH7: ShellExtension [64Bits] - . (.Orphan.)
                            C:\Program Files (x86)\AddonLog
                            HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\EPPShellEx
                            HKLM\Software\Classes\CLSID\{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}
                            HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ImageConverter3
                            HKLM\Software\Classes\CLSID\{C6643EC0-49AC-4c15-A455-04104DB900A9}
                            HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ShellExtension
                            HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\_Movavivc11
                            HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ImageConverter3
                            HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ShellExtension
                            HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ImageConverter3
                            HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ShellExtension
                            EmptyPrefetch
                            Emptytemp
                            EmptyClsid

                            And paste it into the blank ZHP Fix interface screen, then click GO.

                            Accept the cleaning process by clicking “Oui” (yes)

                            The cleanup will run and will again ask for permission to complete, again select “Oui”.

                            At the conclusion of cleaning a notepad file will open and be saved to your desktop. Please Copy and Paste the contents of this file in your next reply.


                            • roger_hawke
                              PCHF Member
                              • Nov 2016
                              • 290

                              #44
                              Gus,
                              I think I’ve done it OK?
                              Please see attached report - or should I have copied and pasted from notepad?

                              Gus,
                              I have noticed that I have ended up with a Prefetch Folder (36.6 MB) in my Recycle Bin??


                              • system
                                PCHF Owner
                                • Jan 2015
                                • 7634

                                #45
                                Hi Roger, yes we emptied your prefetch so no problems there. You can empty the recycle bin if you wish. We should be good to go with your PC now?

                                BTW I noticed in your list of regular tasks you perform there was no mention of any backups? This is really important and although not necessary on a daily basis there should be a routine set, depending on the importance of your data, to do regular image backups.

                                Here’s a couple of guides on free apps that may help?

                                We discussed earlier about a second opinion security scanner to help protect you. I would recommend you try Zemana, it’s lightweight and as the definitions are held offline there is no daily updating needed on your behalf. If you wish to give it a go please go HERE and download it. Zemana when installed will run as a full version (trial) for, I think, 14 - 15 days before reverting to a free version. When you install it pay attention to the options and deselect the option to have “realtime protection”. Even though Zemana say it will run alongside other security apps, remember we should NOT run two realtime security programs at once.

                                Once installed you can run a system scan at any time by opening Zemana and click scan. To scan individual files or folders simply right click the file/folder and select scan with Zemana from the context menu. Alternatively you can drag and drop any folder/file onto the opened Zemana interface.

                                If you need any assistance with Zemana feel free to ask anytime?

                                You can delete anything ZHP related left over, and let me know if you are all set and good to go?
