slow computer, Quick Access crashes

Started by orillia3, March 26, 2017, 04:25:22 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

orillia3

Error: (04/01/2017 08:12:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.14393.953, time stamp: 0x58ba59c2
Faulting module name: eModel.dll, version: 11.0.14393.953, time stamp: 0x58ba5b70
Exception code: 0xc0000409
Fault offset: 0x00000000000d47f0
Faulting process id: 0x1207b0
Faulting application start time: 0x01d2aae144f0d48a
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
Report Id: c371c015-95e1-4738-b561-cb396e1782cc
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (03/30/2017 12:09:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACER-LAPTOP)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/29/2017 11:51:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ACER-LAPTOP)
Description: Package Microsoft.WindowsCamera_2017.214.20.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (03/27/2017 03:04:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (03/26/2017 08:31:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/26/2017 08:31:34 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/26/2017 08:31:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (04/01/2017 01:45:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (04/01/2017 01:42:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/01/2017 01:42:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/01/2017 01:42:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/01/2017 01:42:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealTimes Desktop Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/01/2017 01:40:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/29/2017 01:05:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/28/2017 03:30:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/28/2017 03:28:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealPlayer Cloud Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/28/2017 03:26:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2920 @ 1.86GHz
Percentage of memory in use: 50%
Total physical RAM: 3979.34 MB
Available physical RAM: 1974.92 MB
Total Virtual: 7435.34 MB
Available Virtual: 5017.15 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.69 GB) (Free:291.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 588187BA)

Partition: GPT.

==================== End of Addition.txt ============================

Corrine

Thank you, orillia3.

1.  It is your computer, thus,your choice.  However, unless you know what you're doing, registry cleaners are not recommended.  In addition, Microsoft does not support the use of registry cleaners.  See Microsoft support policy for the use of registry cleaning utilitieso.  As a result, you may wish to uninstall IObit from your computer.

2.  Again, your computer, your choice.  That slowness may be due to McAfee.  As I mentioned previously, my son ran into the same situation with his computer.  He thought is was infected.  After I uninstalled McAfee, his computer was back to normal.  If you decide to uninstall McAfee -- even to test and see if it makes a difference (a) be sure you note your license information so it will be available if you decide to reinstalkl it, and (b) Be aware that Windows Defender will activate as antivirus if you uninstall McAfee.  (Note:  seen in Twitter today, "Windows Defender scored perfect 100% in http://av-test.org's zero-day malware test 3rd month straight. https://t.co/EMqljwtpam.

3.  Did you intentionally install Yandex?

4.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Task: {1521A49D-B1D2-4BFA-8DB3-CC2D212709E7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {15BD8126-0373-4EFE-BB7B-5DDE924BC08B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {291A88CC-EE9C-495F-B5BC-C9F736A8007E} - \Обновление Ð'раузера Яндекс  -> No File <==== ATTENTION
Task: {7DD76286-4F79-432C-832C-01815D5C8C6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {90B2E838-960B-4CE5-94B5-2E166337D5C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9171A773-06B7-4371-8092-13A8260F5D4B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B39086BB-8FB0-4116-8DA6-15A587493B83} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C347B361-19A8-4742-A2D0-1D9ABEF19D42} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E2EBE1FA-191B-4584-9C3E-20835B767B78} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EC8CE13A-69C0-469C-90C0-18645BC07E30} - \Yandex.Browser update  -> No File <==== ATTENTION
Task: {EF0626BB-3E8D-4A2A-8525-FB66EEBD0D59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
5.  Please download by Xplode and save to your Desktop.

  • Right-click on AdwCleaner.exe and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin.  Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
6.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
7.  Please let me know your decisions regarding items 1 and 2 and the answer to the question in item 3. 

8.  As before, the logs may be lengthy so don't hesitate to make multiple replies.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

orillia3

Nope, don't like McAfee.  I think a trial might have come with the computer, never bought it though. I am surprised it is running.  I thought I was just running Windows Defender. 

The IObit program was installed just recently as an attempt to clean out junk in hopes of speeding things up. If I can get the computer running properly I would not need it.  I generally do not use registry cleaners, heard too much problems with them. 

I intentionally installed Yandex as an alternative browser and kept it as it actually works.  Internet Explorer  quits working a long time ago, if I can get it to work at all, Edge is a little better, but still slows and stalls.  My first choice is Chrome which I have used since it first came out.  Even it is slow and stalls.

I will check to see what McAfee is running on my computer and get rid of it. I will report results of that first. 

Corrine

I knew I should have waited until morning to review your logs.  You're right.  Windows Defender is working & there are just McAfee leftovers!  Sorry.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

orillia3

I removed all the McAffe leftovers, there was a MacAffee program running, McAfee WebAdvisor a free one to protect against malware websites.  It is all gone now, IObit removed all traces of it that were left over from a regular uninstall.   

I will keep IObit as there are stuff I like, I will not use the registry cleaner option.  I have CCleaner, used it for almost as long as I have a computer, it also has a registry cleaner that I do not use. I had CCleaner all set up how I liked it, then the Windows 10 upgrade kicked it out.  I put in a new copy but have not used it much, mostly to shred blank space, still needs my fine tuning. 

My initial observation is computer is starting to run better already, but will try for a day and continue with the cleaning and updates you provide.

Corrine

Sounds good, Orillia3.  I'll be watching for further updates.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

orillia3

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Allan (04-04-2017 00:45:44) Run:1
Running from C:\Users\Allan\Desktop
Loaded Profiles: Allan (Available Profiles: Allan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Task: {1521A49D-B1D2-4BFA-8DB3-CC2D212709E7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {15BD8126-0373-4EFE-BB7B-5DDE924BC08B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {291A88CC-EE9C-495F-B5BC-C9F736A8007E} - \?????????? ???????? ??????  -> No File <==== ATTENTION
Task: {7DD76286-4F79-432C-832C-01815D5C8C6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {90B2E838-960B-4CE5-94B5-2E166337D5C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9171A773-06B7-4371-8092-13A8260F5D4B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B39086BB-8FB0-4116-8DA6-15A587493B83} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C347B361-19A8-4742-A2D0-1D9ABEF19D42} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E2EBE1FA-191B-4584-9C3E-20835B767B78} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EC8CE13A-69C0-469C-90C0-18645BC07E30} - \Yandex.Browser update  -> No File <==== ATTENTION
Task: {EF0626BB-3E8D-4A2A-8525-FB66EEBD0D59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKCR\PROTOCOLS\Handler\livecall => key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKCR\PROTOCOLS\Handler\msnim => key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1521A49D-B1D2-4BFA-8DB3-CC2D212709E7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1521A49D-B1D2-4BFA-8DB3-CC2D212709E7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15BD8126-0373-4EFE-BB7B-5DDE924BC08B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15BD8126-0373-4EFE-BB7B-5DDE924BC08B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{291A88CC-EE9C-495F-B5BC-C9F736A8007E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{291A88CC-EE9C-495F-B5BC-C9F736A8007E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\?????????? ???????? ??????  => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DD76286-4F79-432C-832C-01815D5C8C6C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DD76286-4F79-432C-832C-01815D5C8C6C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90B2E838-960B-4CE5-94B5-2E166337D5C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90B2E838-960B-4CE5-94B5-2E166337D5C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9171A773-06B7-4371-8092-13A8260F5D4B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9171A773-06B7-4371-8092-13A8260F5D4B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B39086BB-8FB0-4116-8DA6-15A587493B83} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B39086BB-8FB0-4116-8DA6-15A587493B83} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C347B361-19A8-4742-A2D0-1D9ABEF19D42} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C347B361-19A8-4742-A2D0-1D9ABEF19D42} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2EBE1FA-191B-4584-9C3E-20835B767B78} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2EBE1FA-191B-4584-9C3E-20835B767B78} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC8CE13A-69C0-469C-90C0-18645BC07E30} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC8CE13A-69C0-469C-90C0-18645BC07E30} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yandex.Browser update  => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF0626BB-3E8D-4A2A-8525-FB66EEBD0D59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF0626BB-3E8D-4A2A-8525-FB66EEBD0D59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1096088 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 299713663 B
Java, Flash, Steam htmlcache => 1329 B
Windows/system/drivers => 14190165 B
Edge => 280436856 B
Chrome => 730560889 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 35718107 B
Allan => 520069929 B

RecycleBin => 176578526 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:10:56 ====

orillia3

getting
Quote
This site can’t be reached

general-changelog-team.fr’s server DNS address could not be found.

for your AdwCleaner link
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner/

winchester73

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Corrine



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

orillia3

# AdwCleaner v6.045 - Logfile created 04/04/2017 at 13:58:27
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-03.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Allan - ACER-LAPTOP
# Running from : C:\Users\Allan\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Allan\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Allan\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\Program Files (x86)\Portable Booster
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\Public\Pokki
[-] Folder deleted: C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
[-] Folder deleted: C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic


***** [ Files ] *****

[-] File deleted: C:\Users\Allan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk
[-] File deleted: C:\Users\Public\Desktop\eBay.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: Software Update Application


***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-4224532215-4138522658-3305341333-1001\Software\Classes\pokki
  • Key deleted on reboot: HKCU\Software\Classes\pokki
  • Key deleted on reboot: [x64] HKCU\Software\Classes\pokki
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
    [-] Key deleted: HKU\S-1-5-21-4224532215-4138522658-3305341333-1001\Software\APN PIP
    [-] Key deleted: HKU\S-1-5-21-4224532215-4138522658-3305341333-1001\Software\Myfree Codec
  • Key deleted on reboot: HKCU\Software\APN PIP
  • Key deleted on reboot: HKCU\Software\Myfree Codec
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
  • Key deleted on reboot: [x64] HKCU\Software\APN PIP
  • Key deleted on reboot: [x64] HKCU\Software\Myfree Codec
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    [-] Key deleted: HKU\S-1-5-21-4224532215-4138522658-3305341333-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
  • Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\nicerdays.org
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\nicerdays.org
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
  • Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\nicerdays.org
  • Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\nicerdays.org
    [-] Value deleted: HKU\S-1-5-21-4224532215-4138522658-3305341333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
    [-] Key deleted: HKCU\Software\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg
    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg
  • Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg
    [-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg


    ***** [ Web browsers ] *****

    [-] [C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48
    [-] [C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&UP=SP82317BAD-96D2-4D74-8D10-A071C5F119A6&SSPV=
    [-] [C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://lasaoren.com/?f=7&a=lrn_frg01_14_46_ch&cd=2XzuyEtN2Y1L1QzuyD0A0EtAyEyByE0AtAtB0EyE0E0C0F0CtN0D0Tzu0StCtDyEyDtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtCyEtAtDtBtCzytG0EzzyCyBtG0FtDyE0AtGzy0DtDzztGyByCyDyDyC0D0CyBtCyDtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzzyDyE0B0AtB0BtGtD0FzyyEtGyEzy0C0FtGzyzyyCyBtG0E0B0AyBtC0DtD0B0F0AtC0D2Q&cr=782148250&ir=
    [-] [C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gngocbkfmikdgphklgmmehbjjlfgdemm
    [-] [C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: iabeihobmhlgpkcgjiloemdbofjbdcic
    [-] [C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: kofkpgiaknijknhajbhnghkodiccblkg


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [6802 Bytes] - [04/04/2017 13:58:27]
    C:\AdwCleaner\AdwCleaner[S0].txt - [6524 Bytes] - [04/04/2017 12:53:05]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6948 Bytes] ##########

orillia3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64
Ran by Allan (Administrator) on 2017-04-04 at 14:16:32.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm (Folder)
Successfully deleted: C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm (Folder)
Successfully deleted: C:\Users\Allan\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Allan) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Allan (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Allan.job (Task)



Registry: 3

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0107721491139398mcinstcleanup (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8486B728-79A4-4C79-BBF6-82D4F53511D6} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B463D4A0-02B8-4682-8C77-3263190789D9} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-04-04 at 14:33:14.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Corrine

After all that hard work, is your computer still slowing to a crawl?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

orillia3

After a few days I will admit Chrome and Edge are usable again.  Yandex really pops.  I will be adding some extra RAM soon to help things along, and remove some of the extensions on Chrome.  I still have some questions in the coming weeks about the programs I have on my computer and how necessary some of them are, with the idea of unloading some. 

Thankyou for all your unselfish hard work. Your knowledge is much appreciated.

I did have an eye on a computer deal last weekend where a drug store, Shoppers Drug Mart, sells electronics and I had enough points for $180 off a $369 computer which had as part of the deal a $50 gift card.  However I would essentially end up with a quad core Acer, which is what I have now.  I knew a big bill for brakes for my car was coming up (just spent $500) so was hesitant, and I still want a big flat screen TV which they also sell, and I have a spot on my wall already reserved for one.

My first question is about Yandex browser.  I started using Yandex search as it seems to give different results than Chrome and useless Bing.  It offered a browser so I tried it as IE never seemed to work on this computer very well, and Chrome and Edge were not playing nice either.  What is the downside as it seems to be based on Chromium and Opera.  Should I be using Opera instead, and what search engine do they use?  So far my experience is generally positive, unless there is something about this Russian browser I should know about?  :-\


Corrine

First, let's clean up the tools we used.  Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log, which you can close.

I wasn't familiar with the Yandex Browser when reviewing your logs so checked it out and didn't see anything that made it questionable.  From Yandex Browser - Wikipedia, it appears the only reference to Opera is that it "uses Opera Software's Turbo technology to speed web browsing on slow connections".

Personally I absolutely do not find Bing useless and have it set as my default search engine.  I really like how "Bing Answers" provides a fast answer.  For a few examples, type any of the items below in Bing Search:

speed test
when is Easter
circumference of the moon
15 squared

Other questions?  Ask away!  :)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.