
Computer running INCREDIBLY slow! [Solved]

slow vista windows

15 replies to this topic

#1 progrocktv


Posted 16 May 2015 - 07:54 PM

My parents' computer is running incredibly slow. My father (who wins the world record for patience) will play solitaire for up to 45 minutes sometimes waiting for a window he clicked on to finally open up. Logs posted below. Thanks in advance!

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-05-16 19:00:40
-----------------------------
19:00:40.832    OS Version: Windows 6.0.6002 Service Pack 2
19:00:40.832    Number of processors: 2 586 0xF0D
19:00:40.834    ComputerName: COMPUTER-PC  UserName: Phil
19:00:42.357    Initialize success
19:00:42.366    VM: initialized successfully
19:00:42.368    VM: Intel CPU virtualization not supported
19:01:38.989    AVAST engine defs: 15051601
19:01:42.608    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:01:42.614    Disk 0 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152627MB BusType: 3
19:01:42.623    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3
19:01:42.630    Disk 1 Vendor: ST2000DM001-1ER164 CC25 Size: 1907729MB BusType: 3
19:01:42.640    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-4
19:01:42.648    Disk 2 Vendor: ST3000DM001-1CH166 CC24 Size: 2861588MB BusType: 3
19:01:42.672    Disk 0 MBR read successfully
19:01:42.681    Disk 0 MBR scan
19:01:42.739    Disk 0 Windows VISTA default MBR code
19:01:42.755    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         6000 MB offset 2048
19:01:42.800    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       146625 MB offset 12290048
19:01:42.835    Disk 0 scanning sectors +312578048
19:01:42.948    Disk 0 scanning C:\Windows\system32\drivers
19:02:03.645    Service scanning
19:02:28.167    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:02:35.074    Modules scanning
19:02:35.088    Disk 0 trace - called modules:
19:02:35.110    ntkrnlpa.exe CLASSPNP.SYS disk.sys dvd43llh.sys >>UNKNOWN [0x9191a1f8]<<
19:02:35.122    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x924b8660]
19:02:35.134    3 CLASSPNP.SYS[972ed8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x922bb030]
19:02:35.146    \Driver\atapi[0x922b3250] -> IRP_MJ_CREATE -> 0x9191a1f8
19:02:36.702    AVAST engine scan C:\Windows
19:02:46.307    AVAST engine scan C:\Windows\system32
19:07:42.807    AVAST engine scan C:\Windows\system32\drivers
19:08:06.267    AVAST engine scan C:\Users\Phil.computer-PC
19:13:32.698    AVAST engine scan C:\ProgramData
19:24:40.960    Disk 0 statistics 5524238/0/0 @ 3.52 MB/s
19:24:40.980    Scan finished successfully
19:26:09.413    Disk 0 MBR has been saved successfully to "C:\Users\Phil.computer-PC\Desktop\What the Tech\MBR.dat"
19:26:09.452    The log file has been saved successfully to "C:\Users\Phil.computer-PC\Desktop\What the Tech\aswMBR.txt"

 

-----------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by Phil (administrator) on COMPUTER-PC on 16-05-2015 19:27:27
Running from C:\Users\Phil.computer-PC\Desktop\What the Tech
Loaded Profiles: Phil (Available profiles: computer & Fritz Satterley & Phil & DL)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\dvd43\DVD43_Tray.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM\...\Run: [dvd43] => C:\Program Files\dvd43\dvd43_tray.exe [827904 2009-10-23] ()
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
HKU\S-1-5-21-1131524254-3440752195-579090314-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3890768 2015-03-02] (Tonec Inc.)
HKU\S-1-5-21-1131524254-3440752195-579090314-1003\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-04-14] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [AutoLaunch] => C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
AppInit_DLLs: avgrsstx.dll => avgrsstx.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Register NOD32.lnk [2008-10-01]
ShortcutTarget: Register NOD32.lnk -> C:\Program Files\ESET\Noderator\Register NOD32.exe (No File)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1131524254-3440752195-579090314-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKU\S-1-5-21-1131524254-3440752195-579090314-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Arcadesafari BHO -> {adff4c9a-4f49-4a1f-8885-360e107b7938} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25] (Ask)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25] (Ask)
Toolbar: HKU\S-1-5-21-1131524254-3440752195-579090314-1003 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25] (Ask)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Phil.computer-PC\AppData\Roaming\Mozilla\Firefox\Profiles\atupwlj7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-04]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-11-08]
FF HKU\S-1-5-21-1131524254-3440752195-579090314-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Phil.computer-PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Phil.computer-PC\AppData\Roaming\IDM\idmmzcc5 [2015-03-07]
FF HKU\S-1-5-21-1131524254-3440752195-579090314-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Phil.computer-PC\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaalfkaochmpgmopdonnkkpgbodaokg] - C:\Users\Fritz Satterley\AppData\Local\APN\GoogleCRXs\aaaalfkaochmpgmopdonnkkpgbodaokg_7.15.15.0.crx [2013-02-13]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-03-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [974944 2011-09-22] (ESET)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
R3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2015-03-06] (RIF) [File not signed]
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2011-08-04] (ESET)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
R3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdmnt.sys [503296 2006-11-02] (Agere Systems)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-05-08] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 aswMBR; \??\C:\Users\PHIL~1.COM\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\PHIL~1.COM\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 19:26 - 2015-05-16 19:27 - 00000000 ____D () C:\FRST
2015-05-16 17:54 - 2015-05-16 19:27 - 00000000 ____D () C:\Users\Phil.computer-PC\Desktop\What the Tech
2015-05-16 17:51 - 2015-05-16 17:51 - 00000000 ____D () C:\Users\Phil.computer-PC\AppData\Local\Macromedia
2015-05-10 16:25 - 2009-01-11 22:00 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2015-05-10 16:24 - 2008-01-20 20:42 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-10 16:23 - 2008-01-20 20:42 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-10 16:20 - 2015-05-16 18:32 - 00000000 ____D () C:\Users\TEMP
2015-05-02 13:12 - 2015-05-02 13:16 - 00000042 _____ () C:\Users\Phil.computer-PC\AppData\Roaming\default.pls
2015-04-25 13:47 - 2015-04-25 13:47 - 00413031 _____ () C:\Users\Phil.computer-PC\Documents\4-25-15.xml
2015-04-23 23:19 - 2015-04-23 23:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-23 22:53 - 2015-04-23 22:53 - 00000000 _____ () C:\Users\Fritz Satterley\AppData\Local\{6B7E3861-61AE-4D85-AC94-B01C8E2E4173}
2015-04-23 22:53 - 2015-04-23 22:53 - 00000000 _____ () C:\Users\Fritz Satterley\AppData\Local\{1DA63B0E-89CF-48E7-AC4F-D4AC2013F002}
2015-04-19 16:38 - 2015-04-19 16:38 - 00000088 _____ () C:\Users\DL\AppData\Roaming\default.pls
2015-04-19 14:19 - 2015-04-19 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2015-04-19 14:19 - 2015-04-19 14:19 - 00000000 ____D () C:\Program Files\Bulk Rename Utility

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 19:17 - 2013-02-13 19:15 - 00000524 _____ () C:\Windows\Tasks\Arcadesafari.job
2015-05-16 18:54 - 2013-02-19 00:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 18:53 - 2012-05-13 10:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-16 18:12 - 2008-11-26 09:47 - 01902923 _____ () C:\Windows\WindowsUpdate.log
2015-05-16 17:48 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\tracing
2015-05-16 17:47 - 2013-05-11 13:51 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4e80e7787977.job
2015-05-16 17:47 - 2009-05-28 13:53 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-16 17:46 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-16 17:46 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-16 17:46 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 06:34 - 2006-11-02 07:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-14 06:33 - 2015-03-06 23:25 - 00000000 ____D () C:\Users\Phil.computer-PC\AppData\Roaming\DMCache
2015-05-14 06:32 - 2015-02-04 14:40 - 00000000 ____D () C:\Users\Phil.computer-PC\AppData\Roaming\vlc
2015-05-13 23:52 - 2015-02-04 14:26 - 00033792 _____ () C:\Users\Phil.computer-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-10 17:27 - 2015-02-03 22:46 - 00000944 _____ () C:\Users\Phil.computer-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-10 17:24 - 2015-03-06 23:25 - 00000000 ____D () C:\Users\Phil.computer-PC\Downloads\Video
2015-05-10 16:50 - 2015-03-06 23:25 - 00000000 ____D () C:\Users\Phil.computer-PC\AppData\Roaming\IDM
2015-05-10 16:04 - 2015-03-07 02:05 - 00000000 ____D () C:\Users\DL\AppData\Roaming\vlc
2015-05-10 00:54 - 2015-03-06 23:26 - 00000000 ____D () C:\Users\DL\AppData\Roaming\DMCache
2015-05-02 15:32 - 2013-06-02 15:59 - 00001896 _____ () C:\Windows\setupact.log
2015-05-02 03:25 - 2015-03-08 03:51 - 00243712 _____ () C:\Users\DL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-29 16:45 - 2015-02-03 23:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-26 22:15 - 2015-02-04 00:23 - 00000000 ____D () C:\Users\Phil.computer-PC\AppData\Roaming\FileZilla
2015-04-19 14:12 - 2015-04-11 12:43 - 00000000 ____D () C:\Users\DL\AppData\Roaming\Adobe
2015-04-19 14:12 - 2015-04-11 01:40 - 00000000 ____D () C:\Users\DL\AppData\Local\Adobe
2015-04-17 22:50 - 2006-11-02 04:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 21:40 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2015-05-02 13:12 - 2015-05-02 13:16 - 0000042 _____ () C:\Users\Phil.computer-PC\AppData\Roaming\default.pls
2015-02-04 14:26 - 2015-05-13 23:52 - 0033792 _____ () C:\Users\Phil.computer-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Fritz Satterley\AppData\Local\Temp\apnpip.exe
C:\Users\Fritz Satterley\AppData\Local\Temp\ApnStub.exe
C:\Users\Fritz Satterley\AppData\Local\Temp\file.exe
C:\Users\Fritz Satterley\AppData\Local\Temp\setup.exe
C:\Users\Fritz Satterley\AppData\Local\Temp\thepriceisright2010-114767253-setup.s114767253.c110268333.len.u.dl.exe
C:\Users\Fritz Satterley\AppData\Local\Temp\{8F4FD9D5-1EC0-4529-868B-B68282E2B588}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-16 17:51

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2015 02
Ran by Phil at 2015-05-16 19:35:54
Running from C:\Users\Phil.computer-PC\Desktop\What the Tech
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1131524254-3440752195-579090314-500 - Administrator - Disabled)
computer (S-1-5-21-1131524254-3440752195-579090314-1000 - Administrator - Enabled) => C:\Users\computer
DL (S-1-5-21-1131524254-3440752195-579090314-1004 - Administrator - Enabled) => C:\Users\TEMP
Fritz Satterley (S-1-5-21-1131524254-3440752195-579090314-1001 - Administrator - Enabled) => C:\Users\Fritz Satterley
Guest (S-1-5-21-1131524254-3440752195-579090314-501 - Limited - Enabled)
Phil (S-1-5-21-1131524254-3440752195-579090314-1003 - Administrator - Enabled) => C:\Users\Phil.computer-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
Allway Sync version 12.14.2 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
APN Updater (HKU\S-1-5-21-1131524254-3440752195-579090314-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.44892 - Ask.com) <==== ATTENTION
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.25.0 - Ask.com) <==== ATTENTION
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )
ESET NOD32 Antivirus (HKLM\...\{8537ABE9-DCE4-4149-A0B4-9926E449AD01}) (Version: 5.0.95.0 - ESET, spol. s r.o.)
FileZilla Client 3.10.1.1 (HKLM\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{FF5CA0E3-39BD-4D17-898E-EB3F6C451033}) (Version: 8.3.397 - Nero AG)
Noderator (HKLM\...\{3F6DED63-33F5-4340-BF73-1E3FFC6CD2B8}) (Version: 2.1.0.24 - ESET)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.21 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.2 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {111F1E70-CAF6-4695-913F-F428B174B1A7} - System32\Tasks\GoogleUpdateTaskMachineCore1cdc6975a30f42e => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {29CA0E19-A7B1-4F05-AC82-0557E676070C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {2BBF1F75-A652-41DF-A3AB-DBFEFBEB17A7} - System32\Tasks\Arcadesafari => C:\Users\Fritz Satterley\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [2014-09-04] (Arcadesafari)
Task: {69FF708D-3E0C-4B19-AD48-339A0F835E7B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {70114557-29BF-43A1-9180-BE9085FFDC0B} - System32\Tasks\GoogleUpdateTaskMachineCore1ce4e80e7787977 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {98CE1E1B-319D-499B-ADBB-8961860FB01F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {CDB65661-0A00-4194-B934-DBFC78546594} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-25] () <==== ATTENTION
Task: {E017BD9B-92A9-4351-88A0-43B77AB03518} - System32\Tasks\Microsoft\Windows\RestartManager\{8394FCCB-B448-4fb3-8AE2-8E26BCC2C2B9} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Arcadesafari.job => C:\Users\Fritz Satterley\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4e80e7787977.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2006-11-02 04:25 - 2007-05-30 20:01 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2015-02-01 05:17 - 2015-02-01 05:17 - 00039200 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 10:41 - 2014-05-24 10:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 10:41 - 2014-05-24 10:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2015-03-06 20:07 - 2009-10-23 20:34 - 00827904 _____ () C:\Program Files\dvd43\DVD43_Tray.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1131524254-3440752195-579090314-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{94155239-81A8-416E-8726-7F32F33C112C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{12770535-E759-43F6-8BFE-C885B91DCD03}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{33521A26-A3BD-4DD1-8488-895077892329}] => (Allow) LPort=80
FirewallRules: [{537A0E32-012E-4D0A-B96B-0516C822ED8B}] => (Allow) LPort=80
FirewallRules: [{7A5B1B7A-C8EE-4908-99D5-4CFE44C9B04E}] => (Allow) LPort=80
FirewallRules: [{D6CA4044-C11C-4BDB-AAEA-A177DF4D24CB}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{7647728B-C24C-43B9-8A68-118CF57B8201}C:\users\fritz satterley\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\fritz satterley\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{8702C206-6966-4FC3-85CF-6ABDF2261432}C:\users\fritz satterley\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\fritz satterley\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{DD5003F4-5868-49F6-B5D9-48CE383FDA10}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{09A13D7B-8489-495B-9A42-5212A8C7A982}] => (Allow) C:\Users\Fritz Satterley\AppData\Local\Temp\7zS48A1\HPDiagnosticCoreUI.exe
FirewallRules: [{88161B0C-EFAE-4D9A-8C96-F0DC651E9735}] => (Allow) C:\Users\Fritz Satterley\AppData\Local\Temp\7zS48A1\HPDiagnosticCoreUI.exe
FirewallRules: [{FF1E75B4-5289-430E-A59A-64D19C018475}] => (Allow) C:\Users\Fritz Satterley\AppData\Local\Temp\7zS420C\HPDiagnosticCoreUI.exe
FirewallRules: [{E88E16F6-41A2-425C-82AC-C120171C9004}] => (Allow) C:\Users\Fritz Satterley\AppData\Local\Temp\7zS420C\HPDiagnosticCoreUI.exe
FirewallRules: [{6D2B495A-2C78-49F7-8784-1DD6E7C6AC49}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EA7FD3EF-9C07-48F2-B252-3A14800E50B9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D15F4AD7-BCF5-456F-9226-F94EBBFCD468}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{BEE0F412-F9C0-4B5F-A218-0B2C4C643DD8}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{90EAD389-003A-46A4-BC89-600BC8B97DAE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #11
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2015 06:12:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <F:\68B9D4FBAC037C92AA\MPASDLTA.VDM> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/16/2015 06:12:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <F:\68B9D4FBAC037C92AA\1.197.1860.0_TO_1.197.2571.0_MPASDLTA.VDM._P> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/16/2015 05:48:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\PHIL.COMPUTER-PC\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\ATUPWLJ7.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/16/2015 05:48:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\PHIL.COMPUTER-PC\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\ATUPWLJ7.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/16/2015 05:48:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\PHIL.COMPUTER-PC\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\ATUPWLJ7.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/16/2015 05:48:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\PHIL.COMPUTER-PC\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\ATUPWLJ7.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (05/16/2015 05:47:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2015 05:35:50 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.   (0x800705b4)

Error: (05/16/2015 05:35:16 PM) (Source: Windows Search Service) (EventID: 3010) (User: )
Description: The transaction cannot be appended to the queue. File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy103.gthr.

Context:  Application, SystemIndex Catalog


Details:
    Not enough storage is available to process this command.   (0x80070008)

Error: (05/16/2015 05:29:37 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    Class not registered
 (0x80040154)


System errors:
=============
Error: (05/16/2015 07:35:49 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/16/2015 07:35:46 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/16/2015 07:35:43 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/16/2015 07:35:40 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/16/2015 07:35:37 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/16/2015 07:35:33 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/16/2015 07:35:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/16/2015 07:35:27 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/16/2015 07:35:24 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/16/2015 07:35:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-18 18:55:01.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 18:55:00.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 18:54:59.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 18:54:58.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 18:54:15.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 18:54:14.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 18:54:13.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 18:54:12.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 18:54:10.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 18:54:09.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU E1200 @ 1.60GHz
Percentage of memory in use: 45%
Total physical RAM: 3318.64 MB
Available physical RAM: 1814.77 MB
Total Pagefile: 4767.25 MB
Available Pagefile: 3326.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:143.19 GB) (Free:74.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DL8) (Fixed) (Total:2794.39 GB) (Free:802.72 GB) NTFS
Drive f: (P-1) (Fixed) (Total:1863.01 GB) (Free:861.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 247D4678)
Partition 1: (Not Active) - (Size=5.9 GB) - (Type=27)
Partition 2: (Active) - (Size=143.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 73AC7457)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: A80FD29A)

Partition: GPT Partition Type.

==================== End Of Log ============================
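
Added example (not part of the original posts and not FRST's own code): a triage pass over the Task, FirewallRules and disk event-log lines of an FRST Addition.txt log like the one above. It lists entries whose target sits under AppData or Temp, port-only allow rules, and entries FRST itself marked ATTENTION, and counts bad-block events per device. The sample lines, user name, GUIDs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of an FRST Addition.txt log. The GUIDs, the
# user name "alice" and the product names are made up for this example.
SAMPLE_LOG = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\VendorUpdate => C:\Program Files\Vendor\Update.exe [2014-10-24] (Vendor Inc.)
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\GameUpdater => C:\Users\alice\AppData\Local\Game\GameUpdater.exe [2014-09-04] (Game)
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\Toolbar Update => C:\Program Files\Toolbar\UpdateTask.exe [2013-04-25] () <==== ATTENTION
Task: C:\Windows\Tasks\GameUpdater.job => C:\Users\alice\AppData\Local\Game\GameUpdater.exe
FirewallRules: [{00000000-0000-0000-0000-00000000000A}] => (Allow) LPort=80
FirewallRules: [{00000000-0000-0000-0000-00000000000B}] => (Allow) C:\Users\alice\AppData\Local\Temp\7zS0001\Diag.exe
FirewallRules: [TCP Query User{00000000-0000-0000-0000-00000000000C}C:\program files\browser\browser.exe] => (Block) C:\program files\browser\browser.exe
FirewallRules: [{00000000-0000-0000-0000-00000000000D}] => (Allow) C:\Program Files\Browser\browser.exe
Error: (05/16/2015 07:35:49 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (05/16/2015 07:35:46 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
"""

TASK_RE = re.compile(r"^Task: (?P<name>.+?) => (?P<rest>.+)$")
FW_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
ATTENTION_RE = re.compile(r"<=+ ATTENTION")
# A trailing "[yyyy-mm-dd] (Company)" or ATTENTION marker is not part of the path.
TRAILER_RE = re.compile(r"\s+(\[\d{4}-\d{2}-\d{2}\]|<=+ ATTENTION).*$")
# Directories a standard user can write to without elevation (also matches
# C:\Windows\Temp, which deserves the same scrutiny).
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)
BAD_BLOCK_RE = re.compile(r"^Description: The device, (?P<dev>\S+), has a bad block\.")


def triage(log_text):
    """Return Task/FirewallRules entries worth a closer look, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        task = TASK_RE.match(line)
        rule = FW_RE.match(line)
        if task:
            kind, name = "task", task["name"]
            target = TRAILER_RE.sub("", task["rest"])
            if USER_WRITABLE_RE.search(target):
                reasons.append("task runs from a user-writable directory")
        elif rule:
            kind, name, target = "firewall", rule["name"], rule["target"]
            if rule["action"] == "Allow" and target.startswith("LPort="):
                reasons.append("port-only allow rule, no program path")
            elif rule["action"] == "Allow" and USER_WRITABLE_RE.search(target):
                reasons.append("allow rule for an executable under AppData/Temp")
        else:
            continue
        if ATTENTION_RE.search(line):
            reasons.append("flagged ATTENTION by FRST")
        if reasons:
            findings.append(
                {"kind": kind, "name": name, "target": target, "reasons": reasons}
            )
    return findings


def bad_block_counts(log_text):
    """Count 'has a bad block' disk events per device path."""
    counts = Counter()
    for raw in log_text.splitlines():
        m = BAD_BLOCK_RE.match(raw.strip())
        if m:
            counts[m["dev"]] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:8} {f['target']}  <- {'; '.join(f['reasons'])}")
    for dev, n in bad_block_counts(SAMPLE_LOG).items():
        print(f"disk     {dev}: {n} bad-block events")
```
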
 




#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 May 2015 - 01:55 AM

Hello progrocktv and welcome to WTT.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please carry out these instructions in the order given.

================================================

Uninstall Ask Toolbar:

  • click Start, Control Panel, Programs and Features
  • click on Ask Toolbar and then Uninstall

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and post the new log.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt


Thanks

Satchfan



NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 progrocktv

Posted 17 May 2015 - 08:15 PM

Hi Satchfan (a Louie Armstrong fan?)

Thanks for your help! Attached are the logs.

 

Thanks,

PRTV




#4 Satchfan

Posted 18 May 2015 - 02:31 AM

a Louie Armstrong fan?

No, Joe Satriani.

Your logs aren’t looking too bad but let’s clear up what was found and run a few more scans.


Run Farbar Recovery Scan Tool

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.


AppInit_DLLs: avgrsstx.dll => avgrsstx.dll File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-04-23 22:53 - 2015-04-23 22:53 - 00000000 _____ () C:\Users\Fritz Satterley\AppData\Local\{6B7E3861-61AE-4D85-AC94-B01C8E2E4173}
2015-04-23 22:53 - 2015-04-23 22:53 - 00000000 _____ () C:\Users\Fritz Satterley\AppData\Local\{1DA63B0E-89CF-48E7-AC4F-D4AC2013F002}
C:\Users\Fritz Satterley\AppData\Local\{6B7E3861-61AE-4D85-AC94-B01C8E2E4173}
C:\Users\Fritz Satterley\AppData\Local\{1DA63B0E-89CF-48E7-AC4F-D4AC2013F002}

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run AVG removal tool

There are some remnants of AVG on your computer so please download and run AVG Removal Tool from here.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Can you please also post the Addition.txt log that was produced with the first run of FRST.

Logs to include in the next post:

Fixlog.txt
checkup.txt
Addition.txt


Please copy and paste them, not attach them.

Thanks

Satchfan



#5 progrocktv

Posted 19 May 2015 - 08:39 PM

Hi Satchfan (I should have known, I've seen him a couple of times here in Denver)

 

Logs posted.

 

Thanks!




#6 Satchfan

Posted 20 May 2015 - 03:24 AM

Please copy and paste them, not attach them.


I should have known, I've seen him a couple of times here in Denver

Glad you like him too. I’ve seen him three times and hope to see him again this November.


Run Farbar Recovery Scan Tool

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.
 


HKU\S-1-5-18\...\RunOnce: [AutoLaunch] => C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
Task: {69FF708D-3E0C-4B19-AD48-339A0F835E7B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
C:\Program Files\Lavasoft\Ad-Aware
C:\Windows\System32\DRIVERS\Lbd.sys

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Download Malwarebytes-Anti-Malware

Click here.
 

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
  • select the “Scan” tab at the top
  • there are three scan types; choose Threat Scan, then click on Scan
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me if there are any outstanding problems.

Satchfan

 



#7 progrocktv

Posted 20 May 2015 - 08:48 PM

Alrighty, here ya go.




#8 Satchfan

Posted 21 May 2015 - 12:51 AM

Hm, Malwarebytes caught a load of stuff that I’d missed.


Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.


Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology


    Note: Do not check Remove found threats
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:
 


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found.
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Can you tell me if there are any outstanding problems.

Thanks

Satchfan

 

 



#9 Satchfan

Posted 24 May 2015 - 03:25 AM

Hi progrocktv

It has been several days since I asked you to run an Eset scan.

Please let me know the result and we can then tidy up. If I don't hear from you within 24 hours I'll assume that all is well and close the topic.

Thanks

Satchfan



#10 progrocktv

Posted 24 May 2015 - 09:34 AM

Hi Satchfan,

Sorry, last minute thing came up and I didn't have access to the computer. I'll run the scan tonight and let ya know.

 

Thanks!




#11 Satchfan

Posted 24 May 2015 - 02:15 PM

OK. Thanks for letting me know.



#12 progrocktv

Posted 24 May 2015 - 09:54 PM

Hi Satchfan,

Okay here is the log:

C:\Program Files\Allway Sync\Bin\allwaysync.universal.patch.(x86)-patch.exe    a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Users\DL\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\DL\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe    Win32/Bundled.Toolbar.Ask.H potentially unsafe application
C:\Users\Fritz Satterley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfkaochmpgmopdonnkkpgbodaokg\7.15.27.55699_0\background\setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Fritz Satterley\AppData\Local\Temp\apnpip.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Fritz Satterley\AppData\Local\Temp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Fritz Satterley\AppData\Local\Temp\setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Fritz Satterley\AppData\LocalLow\AskToolbar\setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Fritz Satterley\Documents\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Phil.computer-PC\Desktop\FileZilla_3.10.1.1_win32-setup.exe    a variant of Win32/InstallCore.WI potentially unwanted application

 



#13 Satchfan

Posted 25 May 2015 - 03:05 AM

C:\Users\Phil.computer-PC\Desktop\FileZilla_3.10.1.1_win32-setup.exe    a variant of Win32/InstallCore.WI potentially unwanted application

This is because FileZilla is open source “freeware”. No “freeware” is usually 100% “free” and usually comes bundled with something but we may have got rid of what was bundled with it so it’s up to you if you want to include it. I have included it in the fix but you can ignore that complete line if you’re happy to keep it.


Please copy all text in the code box below and paste it into Notepad:
 


@echo off
del /f /s /q "C:\Program Files\Allway Sync\Bin\allwaysync.universal.patch.(x86)-patch.exe"
del /f /s /q "C:\Users\DL\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe"
del /f /s /q "C:\Users\DL\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe"
del /f /s /q "C:\Users\Fritz Satterley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfkaochmpgmopdonnkkpgbodaokg\7.15.27.55699_0\background\setup.exe"
del /f /s /q "C:\Users\Fritz Satterley\AppData\Local\Temp\apnpip.exe"
del /f /s /q "C:\Users\Fritz Satterley\AppData\Local\Temp\ApnStub.exe"
del /f /s /q "C:\Users\Fritz Satterley\AppData\Local\Temp\setup.exe"
del /f /s /q "C:\Users\Fritz Satterley\AppData\LocalLow\AskToolbar\setup.exe"
del /f /s /q "C:\Users\Fritz Satterley\Documents\ApnStub.exe"
del /f /s /q "C:\Users\Phil.computer-PC\Desktop\FileZilla_3.10.1.1_win32-setup.exe"
del %0

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfiles.bat" file will also be deleted.

If you're happy that all is still well, I’ll send instructions to tidy up.

Satchfan



#14 progrocktv

Posted 27 May 2015 - 07:26 AM

Okay, everything is running so far so good.



#15 Satchfan


Posted 27 May 2015 - 09:08 AM

Your computer appears to be clean.


Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore


  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Windows updates

I notice that Windows updates are waiting to be installed. Click here for information on how to get the latest Windows updates:

===================================================

Update installed programs

Your version of Adobe Reader is out-of-date and needs to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

To remove it:

  • click Start, Control Panel, Programs and Features.
  • click on Adobe Reader 9 and then on Uninstall:

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

NEXT

Visit Adobe and download the latest version of Acrobat Reader.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe
 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransom. You can read more about this here.

  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

======================

Your computer needs to be defragmented. See this

Download and run Auslogics Disc Defragmenter

Make sure when installing that you look out for, and say NO to, the ASK toolbar, (although, if you have taken my advice and installed UnChecky, that won’t be necessary).

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams


I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.
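
The HOSTS-file blocking described in the MVPS paragraph above, as an added example that is not part of the original thread: a small auditor that separates entries pointing a name at the local machine (blocking entries) from entries pointing a name at some other address, which deserve a manual look because a HOSTS file can also be edited to redirect traffic. The sample file content and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from the thread).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1  ads.example.com  # blocked ad server
0.0.0.0    tracker.example.net
203.0.113.7    www.bank.example
not-an-ip  broken.example
127.0.0.1  a.example b.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line number, address, hostname) for every mapping in the text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()          # one address, one or more names
        for name in names:
            yield lineno, addr, name.lower()


def audit_hosts(text):
    """Classify mappings as blocked (sent to this machine), review, or malformed."""
    report = {"blocked": [], "review": [], "malformed": []}
    for lineno, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((lineno, addr, name))
            continue
        if ip.is_loopback or ip.is_unspecified:
            if name not in LOCAL_NAMES:      # ordinary localhost lines are ignored
                report["blocked"].append(name)
        else:
            # A name pinned to a non-local address overrides DNS: check it by hand.
            report["review"].append((lineno, name, addr))
    return report


if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```

On Windows the file to feed in is normally %SystemRoot%\System32\drivers\etc\hosts; read it and pass its text to audit_hosts.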
