Slow Windows System Check


System has been lagging since Acronis Backup crash. Acronis overloaded my backup drive, then blue screens started. Uninstalled it. Seem to be a lot of errors involving ports and slowdowns or crashes when USB is attached. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by jim (administrator) on JIM-PC (21-08-2016 13:25:28)
Running from C:\Users\jim\Desktop
Loaded Profiles: jim (Available Profiles: jim)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MacDrive 9 application] => C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe [507904 2012-05-31] (Mediafour Corporation)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\jim\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [MacDriveVolumeIcon] -> {6B21AF46-EE37-40D0-A707-C06C17D06CE9} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)
ShellIconOverlayIdentifiers: [MacDriveVolumeIconReadOnly] -> {E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A113AB99-F70E-4FB5-AF18-2772DF1F67AA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

FireFox:
========
FF ProfilePath: C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\jt9saoui.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1586447121-1290467794-2333047351-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-31] (Citrix Online)
FF Plugin HKU\S-1-5-21-1586447121-1290467794-2333047351-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Extension: Adblock Plus - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\jt9saoui.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2541192 2016-06-23] (ESET)
R2 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [178176 2012-05-21] (Mediafour Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-23] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [317136 2012-06-06] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32464 2012-06-05] (Mediafour Corporation)
R0 MDRAID; C:\Windows\System32\DRIVERS\MDRAID.sys [187120 2012-06-11] (Mediafour Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
S3 NPF; system32\drivers\NPF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-21 13:25 - 2016-08-21 13:25 - 00011019 _____ C:\Users\jim\Desktop\FRST.txt
2016-08-21 13:25 - 2016-08-21 13:25 - 00000000 ____D C:\FRST
2016-08-21 13:24 - 2016-08-21 13:24 - 02396672 _____ (Farbar) C:\Users\jim\Desktop\FRST64.exe
2016-08-21 12:44 - 2016-08-21 12:44 - 00003304 ____N C:\bootsqm.dat
2016-08-21 12:23 - 2016-08-21 12:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-08-21 12:23 - 2016-08-21 12:23 - 00000000 ___SD C:\Windows\system32\GWX
2016-08-21 07:47 - 2016-08-21 07:47 - 00000000 ____D C:\Users\jim\AppData\Local\{1F5FFF03-FEF6-4350-B14E-5714856C2A5A}
2016-08-20 19:46 - 2016-08-20 19:46 - 00000000 ____D C:\Users\jim\AppData\Local\{C6C2D76F-A1A0-40C2-8EE3-BDCE18CD1865}
2016-08-20 07:45 - 2016-08-20 07:45 - 00000000 ____D C:\Users\jim\AppData\Local\{A2FDAE3F-7D55-44F9-A304-87508719DF99}
2016-08-19 19:44 - 2016-08-19 19:44 - 00000000 ____D C:\Users\jim\AppData\Local\{FCBBC8C1-F766-4FF8-948A-96A31092D900}
2016-08-19 07:43 - 2016-08-19 07:43 - 00000000 ____D C:\Users\jim\AppData\Local\{C3FDB404-2F7C-4592-8AA5-5FB38508FBE4}
2016-08-18 19:42 - 2016-08-18 19:42 - 00000000 ____D C:\Users\jim\AppData\Local\{C9BF3434-DEB9-4151-992B-E982CA0FF6DD}
2016-08-18 07:41 - 2016-08-18 07:42 - 00000000 ____D C:\Users\jim\AppData\Local\{533DFAD0-71CC-43BC-8427-7633622230D6}
2016-08-17 19:40 - 2016-08-17 19:41 - 00000000 ____D C:\Users\jim\AppData\Local\{FBFF54C2-3B63-409B-86AF-245FB01FFC05}
2016-08-17 06:55 - 2016-08-17 06:56 - 00000000 ____D C:\Users\jim\AppData\Local\{5FB0F507-0FE3-49B2-9433-3FD2B4B77309}
2016-08-16 19:08 - 2016-08-16 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-08-16 19:08 - 2016-08-16 19:08 - 00000000 ____D C:\ProgramData\ESET
2016-08-16 18:54 - 2016-08-16 18:54 - 00000000 ____D C:\Users\jim\AppData\Local\{C4CF3ACF-E454-40A4-B21B-FF01CD0AF5FD}
2016-08-15 20:02 - 2016-08-15 20:03 - 00000000 ____D C:\Users\jim\AppData\Local\{314B820B-F8A9-4C2D-A189-F75988142653}
2016-08-15 08:02 - 2016-08-15 08:02 - 00000000 ____D C:\Users\jim\AppData\Local\{D2939CF1-8FC8-4BEE-8368-FEFAD7D657D9}
2016-08-14 20:01 - 2016-08-14 20:01 - 00000000 ____D C:\Users\jim\AppData\Local\{106CB046-B14E-4FB4-B046-BE9556F80ADA}
2016-08-14 08:00 - 2016-08-14 08:01 - 00000000 ____D C:\Users\jim\AppData\Local\{75A881C5-C195-42D3-A921-5042D0212346}
2016-08-13 20:00 - 2016-08-13 20:00 - 00000000 ____D C:\Users\jim\AppData\Local\{7B2AA113-08FA-4DB1-8D98-DB99DB657F0F}
2016-08-13 07:59 - 2016-08-13 07:59 - 00000000 ____D C:\Users\jim\AppData\Local\{6F9F8B8F-AB9A-48B7-8D47-B2D8FD632670}
2016-08-12 19:58 - 2016-08-12 19:59 - 00000000 ____D C:\Users\jim\AppData\Local\{E02A9B5E-7AD8-41B9-8CA9-E9C13BB07DCB}
2016-08-12 07:58 - 2016-08-12 07:58 - 00000000 ____D C:\Users\jim\AppData\Local\{7FBF5C6E-A160-49AD-BED3-296E0BC80A16}
2016-08-11 19:58 - 2016-08-11 19:58 - 00000000 ____D C:\Users\jim\AppData\Local\{95C835C3-4CF3-431B-9535-637096B8D2D6}
2016-08-11 07:57 - 2016-08-11 07:57 - 00000000 ____D C:\Users\jim\AppData\Local\{5724C163-A255-4F5B-940A-5EE7F94655C3}
2016-08-10 19:55 - 2016-08-10 19:55 - 00000000 ____D C:\Users\jim\AppData\Local\{AC3641F6-0B5B-4800-A6C5-400CF9817E0D}
2016-08-10 07:14 - 2016-08-10 07:14 - 00000000 ____D C:\Users\jim\AppData\Local\{D2F7AAD6-192B-4A55-A64C-FBE3BD0E9AD5}
2016-08-09 19:13 - 2016-08-09 19:13 - 00000000 ____D C:\Users\jim\AppData\Local\{BD0674A5-0852-4DB0-A6D5-97E6123B4C28}
2016-08-08 20:07 - 2016-08-08 20:07 - 00000000 ____D C:\Users\jim\AppData\Local\{B78C6DA1-5066-4209-B425-0F8FDE3E6337}
2016-08-08 08:06 - 2016-08-08 08:06 - 00000000 ____D C:\Users\jim\AppData\Local\{6E6B1BF1-33CE-4570-984E-0333F0E8EA69}
2016-08-07 20:06 - 2016-08-07 20:06 - 00000000 ____D C:\Users\jim\AppData\Local\{04141E43-4325-4361-BF4A-201BEFA0551A}
2016-08-07 07:17 - 2016-08-07 07:17 - 00000000 ____D C:\Users\jim\AppData\Local\{0A16A081-44E6-4FDB-9483-4B018A5DAC62}
2016-08-06 19:16 - 2016-08-06 19:17 - 00000000 ____D C:\Users\jim\AppData\Local\{72ACF761-040D-48D4-8854-F977CE3DD977}
2016-08-06 07:16 - 2016-08-06 07:16 - 00000000 ____D C:\Users\jim\AppData\Local\{7C83590B-6326-437E-A3C2-42495BA29E45}
2016-08-05 20:42 - 2016-08-05 20:43 - 00000000 ____D C:\Users\jim\Desktop\Flushing
2016-08-05 08:09 - 2016-08-05 08:09 - 00000000 ____D C:\Users\jim\AppData\Local\{FDB333C3-2F45-4BA8-8342-F43E1A604C87}
2016-08-04 20:06 - 2016-08-04 20:06 - 00000000 ____D C:\Users\jim\AppData\Local\{D4A013E8-F4DA-42C5-8868-D3D7D3949B56}
2016-08-04 19:51 - 2016-08-04 19:51 - 00000000 ____D C:\Users\jim\AppData\Local\{CF5C9324-1C7D-4488-B7FA-706146A00893}
2016-08-04 07:50 - 2016-08-04 07:51 - 00000000 ____D C:\Users\jim\AppData\Local\{42323AC3-6E46-423E-A98D-82D42436CCE6}
2016-08-03 19:49 - 2016-08-03 19:50 - 00000000 ____D C:\Users\jim\AppData\Local\{E5EA61B3-08FC-4C7B-9D9D-F6AE7D34038D}
2016-08-03 07:49 - 2016-08-03 07:49 - 00000000 ____D C:\Users\jim\AppData\Local\{CF1D2587-BB46-495E-B1A4-7817F85164DA}
2016-08-02 19:49 - 2016-08-02 19:49 - 00000000 ____D C:\Users\jim\AppData\Local\{178BF956-7BD9-4453-97AA-F46A4B98274A}
2016-08-02 07:48 - 2016-08-02 07:48 - 00000000 ____D C:\Users\jim\AppData\Local\{5D902770-BA8B-48E4-B08D-EB79E7DA937E}
2016-08-01 19:48 - 2016-08-01 19:48 - 00000000 ____D C:\Users\jim\AppData\Local\{7A111C10-8B51-40A3-981B-4DE69EAC5EA4}
2016-07-31 21:45 - 2016-07-31 21:45 - 00000000 ____D C:\Users\jim\AppData\Local\{25D32E22-FE9B-49B0-BE1E-D70F57794A30}
2016-07-31 09:45 - 2016-07-31 09:45 - 00000000 ____D C:\Users\jim\AppData\Local\{2945DF24-9536-4D99-9173-D67088E19FBE}
2016-07-30 21:44 - 2016-07-30 21:44 - 00000000 ____D C:\Users\jim\AppData\Local\{764F2A4C-63C8-49D4-AD1B-98E0DE88ADDC}
2016-07-30 08:22 - 2016-07-30 08:23 - 00000000 ____D C:\Users\jim\Desktop\snips
2016-07-30 06:50 - 2016-07-30 06:50 - 00000000 ____D C:\Users\jim\AppData\Local\{A02F3D05-33DC-4B26-8668-A8E002885114}
2016-07-29 07:57 - 2016-07-29 07:57 - 00000000 ____D C:\Users\jim\AppData\Local\{9A876B88-6C33-43AB-A184-4D04A5BDEA41}
2016-07-28 19:57 - 2016-07-28 19:57 - 00000000 ____D C:\Users\jim\AppData\Local\{22DEC34B-38CD-4350-A6BD-1A217AE1AC41}
2016-07-28 07:56 - 2016-07-28 07:56 - 00000000 ____D C:\Users\jim\AppData\Local\{392BC865-2DA8-4F0C-B9BE-CF199EAAED4F}
2016-07-27 19:56 - 2016-07-27 19:56 - 00000000 ____D C:\Users\jim\AppData\Local\{30C268CC-C004-4D11-8496-50D918918809}
2016-07-27 07:56 - 2016-07-27 07:56 - 00000000 ____D C:\Users\jim\AppData\Local\{9E2247BA-2932-4917-96AB-AFFD852AF45C}
2016-07-26 19:54 - 2016-07-26 19:55 - 00000000 ____D C:\Users\jim\AppData\Local\{C953A175-5BB5-4B87-B3F8-DAB89ECF64F9}
2016-07-26 06:35 - 2016-07-26 06:35 - 00000000 ____D C:\Users\jim\AppData\Local\{4AEC2586-80E8-4068-A853-8285E7F5A46E}
2016-07-25 18:34 - 2016-07-25 18:34 - 00000000 ____D C:\Users\jim\AppData\Local\{0C433236-6003-476E-8994-015BCC17947E}
2016-07-24 20:49 - 2016-07-24 20:50 - 00000000 ____D C:\Users\jim\AppData\Local\{F2973C62-E2C6-4AC1-95B3-EF7612D26F1F}
2016-07-24 18:34 - 2016-08-21 11:52 - 00000000 ____D C:\Users\jim\Desktop\Z
2016-07-24 17:54 - 2016-07-24 18:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-24 08:48 - 2016-07-24 08:49 - 00000000 ____D C:\Users\jim\AppData\Local\{674B32E2-36F9-4D9F-9FB9-FC3C09ACC2ED}
2016-07-23 18:24 - 2016-07-23 18:24 - 00000000 ____D C:\Users\jim\AppData\Local\{3C1D34DB-7C7D-4CA3-95A1-E5FAE83CC90E}
2016-07-23 11:32 - 2016-07-24 11:14 - 00000000 ____D C:\Users\jim\Desktop\New folder (2)
2016-07-23 10:39 - 2016-07-23 12:02 - 00000000 ____D C:\AdwCleaner
2016-07-23 06:24 - 2016-07-23 06:24 - 00000000 ____D C:\Users\jim\AppData\Local\{0A406A15-40F6-4FE4-AF9D-2D04A358EA91}
2016-07-22 18:23 - 2016-07-22 18:23 - 00000000 ____D C:\Users\jim\AppData\Local\{9FF65C46-5B20-47D0-B614-FADB077EC357}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-21 13:09 - 2013-02-12 09:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-21 13:01 - 2012-03-19 22:59 - 00000000 ____D C:\installers
2016-08-21 12:59 - 2009-07-13 21:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-21 12:59 - 2009-07-13 21:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-21 12:52 - 2014-04-09 20:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-21 12:46 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-21 12:11 - 2015-11-29 11:32 - 00000000 ____D C:\Users\jim\Desktop\HardDriveFailure2015
2016-08-21 12:01 - 2013-05-27 20:02 - 00000000 ____D C:\Users\jim\AppData\LocalLow\Temp
2016-08-21 11:59 - 2015-10-03 20:59 - 00000000 ____D C:\Users\jim\Desktop\desktop Wordpads
2016-08-21 11:58 - 2016-05-31 08:11 - 00000000 ____D C:\Users\jim\Desktop\acronisProblems
2016-08-21 11:49 - 2012-03-23 21:42 - 00000000 ____D C:\Users\jim\AppData\Local\Autodesk
2016-08-21 11:46 - 2012-03-23 20:48 - 00000000 ____D C:\Program Files\Autodesk
2016-08-21 02:00 - 2014-08-18 02:00 - 00000000 ____D C:\Users\jim\AppData\Local\Adobe
2016-08-20 11:23 - 2014-01-30 08:53 - 00000000 ____D C:\Users\jim\Downloads\randomDump
2016-08-20 10:58 - 2014-07-28 07:47 - 00000000 ____D C:\Users\jim\Downloads\ToBeSorted
2016-08-20 10:57 - 2013-12-01 07:37 - 00000000 ____D C:\Users\jim\Downloads\mcCracken
2016-08-20 10:50 - 2013-11-04 07:53 - 00000000 ____D C:\Users\jim\Downloads\batarang
2016-08-18 08:41 - 2014-01-11 13:50 - 00001714 _____ C:\Windows\Sandboxie.ini
2016-08-16 19:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-16 19:02 - 2016-07-18 19:41 - 00387328 _____ C:\Windows\ntbtlog.txt
2016-08-16 08:18 - 2012-03-19 22:10 - 00000000 ____D C:\Users\jim
2016-08-16 08:08 - 2012-05-19 17:51 - 00000000 ____D C:\Windows\Minidump
2016-08-16 08:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-08-14 13:34 - 2015-10-03 08:32 - 00000000 ____D C:\Users\jim\Downloads\topstone Masks
2016-08-14 13:33 - 2014-04-26 07:48 - 00000000 ____D C:\Users\jim\Downloads\londonWaxMuseum
2016-08-14 13:33 - 2014-03-29 10:09 - 00000000 ____D C:\Users\jim\Downloads\dickSmith
2016-08-12 07:28 - 2015-12-30 09:01 - 00000000 ____D C:\Users\jim\Downloads\MajorMudd
2016-08-11 08:55 - 2009-07-13 22:08 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-04 02:39 - 2016-06-12 16:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-26 07:31 - 2014-02-09 08:35 - 00000000 ____D C:\Users\jim\Downloads\Cabrera
2016-07-24 17:54 - 2014-04-09 20:03 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-24 17:36 - 2014-03-09 09:46 - 00000000 ____D C:\Users\jim\Downloads\pierce
2016-07-24 10:47 - 2013-12-08 11:16 - 00000000 ____D C:\Users\jim\Downloads\kennemore
2016-07-24 01:00 - 2016-06-11 16:21 - 00000000 ____D C:\Users\jim\AppData\Local\ElevatedDiagnostics
2016-07-23 11:12 - 2013-11-24 11:38 - 00000000 ____D C:\Users\jim\Downloads\puppetWorkshop
2016-07-23 11:07 - 2014-06-07 07:18 - 00000000 ____D C:\Users\jim\Downloads\Munsters
2016-07-23 11:06 - 2014-04-01 08:39 - 00000000 ____D C:\Users\jim\Downloads\Makeup
2016-07-23 11:06 - 2014-02-09 08:36 - 00000000 ____D C:\Users\jim\Downloads\Baker
2016-07-23 11:06 - 2013-08-09 07:10 - 00000000 ____D C:\Users\jim\Downloads\colan
2016-07-23 11:05 - 2013-06-27 06:11 - 00000000 ____D C:\Users\jim\Downloads\gremlins2
2016-07-23 11:04 - 2013-08-24 13:19 - 00000000 ____D C:\Users\jim\Downloads\Ditko

==================== Files in the root of some directories =======

2013-01-07 21:15 - 2013-01-07 21:17 - 55565637 _____ () C:\Users\jim\AppData\Local\AdobeSetupUtility.zip.aamdownload
2013-01-07 21:15 - 2013-01-07 21:17 - 0000830 _____ () C:\Users\jim\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
2014-01-11 07:49 - 2016-06-28 08:01 - 0007613 _____ () C:\Users\jim\AppData\Local\Resmon.ResmonCfg
2012-03-19 23:23 - 2013-01-09 21:04 - 0193152 _____ () C:\Users\jim\AppData\Local\Schedule8.dat
2012-03-23 22:10 - 2016-07-18 19:49 - 0010567 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\jim\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\jim\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\jim\AppData\Local\Temp\InstHelper.exe
C:\Users\jim\AppData\Local\Temp\libeay32.dll
C:\Users\jim\AppData\Local\Temp\msvcr120.dll
C:\Users\jim\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-16 20:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by jim (21-08-2016 13:26:43)
Running from C:\Users\jim\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-03-20 05:10:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1586447121-1290467794-2333047351-500 - Administrator - Disabled)
Guest (S-1-5-21-1586447121-1290467794-2333047351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1586447121-1290467794-2333047351-1002 - Limited - Enabled)
jim (S-1-5-21-1586447121-1290467794-2333047351-1000 - Administrator - Enabled) => C:\Users\jim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.386.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 9.0.386.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.39 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.39 - PC-Doctor, Inc.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
ESET NOD32 Antivirus (HKLM\...\{EABF244B-9702-4B37-AA3F-F5CFF9572546}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
hpg4000 (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
i-Sound Recorder Pro 7.1.6.0 (HKLM-x32\...\i-Sound Recorder for Windows 7_is1) (Version: 7.1.6.0 - AbyssMedia.com)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MacDrive 9 Pro (HKLM\...\{C8D349EC-FFAF-486E-B1B1-F560BFC08789}) (Version: 9.0.3.35 - Mediafour Corporation)
MacDrive 9 Standard (HKLM\...\{53695BCA-8379-4FF7-B13E-193A082FC7DE}) (Version: 9.0.3.35 - Mediafour Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Replay AV 8 (HKLM-x32\...\Replay_AV_807) (Version: 8.83B - Applian Technologies Inc.)
Replay Converter 4 (HKLM-x32\...\Replay Converter 4) (Version: 4.10 - Applian Technologies Inc.)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wondershare Streaming Audio Recorder(Build 2.0.3.3) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.0.3.3 - Wondershare Software Co.,Ltd.)
XM Tuner (HKLM-x32\...\{CB3E24CC-0350-4227-8A49-B2D5B9651D12}) (Version: 0.6.4 - PCFIRE)
ZBrush 4R3 (HKLM-x32\...\ZBrush 4R3 4R3) (Version: 4R3 - Pixologic)
ZBrush 4R4 (HKLM-x32\...\ZBrush 4R4 4R4) (Version: 4R4 - Pixologic)
ZBrush 4R4 Patch 02 (HKLM\...\ZBrush 4R4 4R4) (Version: 4R4 - )
ZBrush 4R5 (HKLM-x32\...\ZBrush 4R5 4R5) (Version: 4R5 - Pixologic)
ZBrush 4R6 (HKLM\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1586447121-1290467794-2333047351-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jim\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0073FA44-A541-406F-B74F-30640BF96F79} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {015E1475-76BF-4436-97F8-2915B68BA62A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {016900E8-7EE8-4B71-8C53-9E326A8394E1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0D4E269E-2C19-413D-A3AE-F43A8AB2E2A5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {16CEA10D-4099-4495-A4D3-B7003949318E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {19738565-C319-46BD-B5E9-4F8EBE4C1A31} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1CF22431-1B93-446C-9EBE-989FAF34CBD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {27E82F07-CA2D-4D5C-84D7-B193B3C271C8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {350E91EA-B273-4DC4-9DFA-B56220601963} - System32\Tasks\{66E43304-8B61-468E-A7E6-7E6355855510} => pcalua.exe -a C:\installers\RST_11.6.0.1030_RAID_AHCI_driver_GUI_CLI_2012.10.11\GUI\iata_cd.exe -d C:\installers\RST_11.6.0.1030_RAID_AHCI_driver_GUI_CLI_2012.10.11\GUI
Task: {38434DCB-80AD-4761-8833-710C7D386832} - System32\Tasks\AdobeAAMUpdater-1.0-jim-PC-jim => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {3A4ADBEE-9F64-48DC-B3B1-4AEFABB22498} - System32\Tasks\{E878CFF8-F16C-488E-8902-B41689CF6320} => pcalua.exe -a C:\Users\jim\Downloads\MacDrive_Pro_9.0.3.35_en_Setup.exe -d C:\Users\jim\Downloads
Task: {478AB668-C6EC-40F6-95CE-3A5F37938034} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {556B1A78-8AF0-44E9-BB6A-9160D219D34F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {55E1841C-2C62-498B-AEED-F6B2A5B66A54} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5ED6F638-5CE3-47A7-A280-ACF34B699DDF} - System32\Tasks\{70510F85-3121-445D-951B-A46BF6703CF5} => pcalua.exe -a C:\installers\sandboxieupdate10_31\SandboxieInstall.exe -d C:\installers\sandboxieupdate10_31
Task: {6D17DF50-7C07-44FA-9FB0-22E31EB30D66} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7DFCC5C0-B6A9-4342-BB01-1AF92483E627} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {7FE46B02-0FC1-4742-AB7E-C9B996EA894B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {812BE62F-3393-4EE9-A3D8-8C334C6D0CC9} - System32\Tasks\{5D6A3E04-2F89-4179-BF30-5B04BBB35E4C} => pcalua.exe -a "C:\Program Files (x86)\WinZip Self-Extractor\SETUP.EXE" -d "C:\Program Files (x86)\WinZip Self-Extractor"
Task: {B1AA7DE6-C157-49E4-A37C-24EED8837774} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B53E0B12-F0E1-440E-B69B-DB0EAEA0550D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {C8C01EC2-15AC-45CD-ACFF-93C9B22CF680} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CDF8D78C-32DB-40CA-8A12-4EAF650BF51C} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-05-22] (PC-Doctor, Inc.)
Task: {EF8F4211-1024-4AD4-BDBD-7690C1EF0F3C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F07CE96A-1ED8-4704-9FA6-62A53E83CCFE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F2F616B4-A747-4775-BF00-472B2B2EF553} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {F9B023A6-A2F4-4455-9140-6BA9C3E6E86B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FECDDC4C-E8FC-4A1F-8EEE-BB8692A128B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-05-23 21:11 - 2015-01-30 17:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-03-22 21:34 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-05-23 21:11 - 2012-11-06 02:34 - 00380776 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\...\akamaihd.net -> hxxps://fbstatic-a.akamaihd.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1586447121-1290467794-2333047351-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

19-08-2016 20:01:09 Scheduled Checkpoint


==================== Faulty Device Manager Devices =============

Name: SONY CD-RW  CRX217E ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2016 12:47:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2016 07:09:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2016 08:40:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2016 08:39:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2016 08:46:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Users\jim\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.

Program: Windows Explorer
File: C:\Users\jim\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (08/17/2016 08:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: thumbcache.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9d0
Exception code: 0xc0000006
Fault offset: 0x000000000000732d
Faulting process id: 0xaac
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/16/2016 07:38:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 07:31:14 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/16/2016 07:31:14 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=3800}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/16/2016 07:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/21/2016 12:50:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/21/2016 12:50:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Defender service to connect.

Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (08/21/2016 12:48:33 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (08/19/2016 08:42:32 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=1117) while initializing logging resources for channel Microsoft-Windows-DriverFrameworks-UserMode/Operational.

Error: (08/19/2016 08:42:04 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (08/19/2016 08:40:23 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.


==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU 5110 @ 1.60GHz
Percentage of memory in use: 36%
Total physical RAM: 8189.65 MB
Available physical RAM: 5216.19 MB
Total Virtual: 16377.51 MB
Available Virtual: 13776.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1582.97 GB) NTFS
Drive f: (Elements) (Fixed) (Total:3725.99 GB) (Free:3158.18 GB) NTFS
Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:562.1 GB) NTFS
Drive i: (My Book) (Fixed) (Total:4657.49 GB) (Free:3133.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 68F5F1FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 881DDD29)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== End of Addition.txt ============================


  • Staff

Hello

Not sure what we can do here in the Malware removal room - this seems more like a Windows issue than malware.
*Do you believe this to be caused by Malwarebytes Anti-Malware or one of our products? If so why?
Do you believe that this is caused by malware or a virus? If so - why - what else is the computer doing?*

Have you tried system restore to before the crashes took place?

Link to post
Share on other sites

Yes I tried System Restore but after the first attempt, those earlier stored versions vanished. I am trying here because I'm not sure if GWX Control Panel, CCleaner or Acronis or some other program could be causing my problems as there may be aspects of those programs considered Malware, as they might be trying to update. I've attempted to find info on the Windows sites and tried several things. This is the best site I've used for help in analyzing computer problems. If you can point me to a more appropriate forum that would be good.


  • Staff


I will do some checking just to be sure but I do not think it will fix your problems but we will rule it out anyway.

The first program that I would like you to run is “Junkware Removal Tool”:

  1. Download “Junkware Removal Tool” and save it to your desktop. >> JRT.exe <<
  2. Shut down your antivirus to avoid any conflicts.
  3. Right-mouse click “JRT.exe” and select Run as administrator
  4. If prompted by the UAC select Yes
  5. The tool will open, press Any Key to start the scanning
  6. Please be patient as this can take a while to complete.
  7. On completion, a log (“JRT.txt”) is saved to your desktop and will automatically open.
  8. Please attach “JRT.txt” to your next reply


The next program that I would like you to run is “AdwCleaner”:

  1. Download “AdwCleaner” and save it to your desktop. >> AdwCleaner <<
  2. Shut down your antivirus to avoid any conflicts.
  3. Right-mouse click “AdwCleaner” and select Run as administrator
  4. Click on I Agree at the Terms Of Use
  5. When “AdwCleaner” opens I want you to click on Scan
  6. After the scan has completed I want you to click on Cleaning
  7. At the information screen click on OK
  8. Once done it will ask you to reboot, allow the reboot – it is very important
  9. After the computer restarts a report will be open, Save this report to your desktop and attach it to your next reply


Once both programs are complete then reply back to me with the two reports and remember to let me know how things are doing.

The Reports that I will be wanting are named.
JRT.txt
AdwCleaner[S0].txt

If you cannot download it from the links above then please use these links

Junkware Removal Tool – http://downloads.malwarebytes.org/file/jrt
AdwCleaner – https://toolslib.net/downloads/finish/1/get/MtP2wJKYTkhmJX1N1UVA8hGn09bIvEa7/


Regards,

William Rowland – “Gringo_pr”
Customer Success Specialist & Malware Removal Specialist


  • Staff

The next program we are going to run is called “ComboFix”.

  1. Download “ComboFix” and save it to your desktop. >> Combofix.exe <<
  2. Shut down your antivirus to avoid any conflicts.
  3. Double click on ComboFix.exe and follow the prompts.


Things to note

  • Do not mouse click on “Combofix’s” window while it is running. That may cause it to stall.
  • Your desktop may go blank. This is normal. It will return when “ComboFix” is done.
  • “ComboFix” may reboot your machine. (even more than once) This is normal.
  • If you encounter a message “illegal operation attempted on registry key that has been marked for deletion” Just restart the “COMPUTER” and that will resolve that error.


When finished, it will produce a report for you named “ComboFix.txt”.
Please attach this report in your next reply to me for me to review.

Regards,

William Rowland – “Gringo_pr”
Customer Success Specialist & Malware Removal Specialist


  • Staff


At this time, I would like you to check things out with the computer and let me know if you still have the same issue or if there is something else you would like me to check out for you while we are still here.


I would also like you to rerun “FRST” for me again and send me the new report for me to check over.

If you cannot find where you saved “FRST” the first time then here are the links again for you.

Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.

For 32-bit (x86) editions of Windows: >> FRST.exe <<

For 64-bit (x64) editions of Windows: >> FRST64.exe <<


  1. Run the “FRST” download that works on your computer
  2. When the tool opens click Yes for the disclaimer in order to continue using “FRST”.
  3. Under the section called “Whitelist” make sure all boxes are checked
  4. Under the section called “Optional Scan” I would like you to have a check mark next to “Addition.txt”
  5. Press the Scan button.
  6. When the scan is done, it will save the reports to the same location as “FRST” (if you had saved “FRST” on your desktop, then the reports will be saved on the desktop).
  7. Please attach the “FRST.txt” and the “Addition.txt” log file to your next reply to me (it is best if you do not copy and paste it into an e-mail).


When you reply back to me you should have Two reports for me and I need you to tell me how things are doing.
FRST.txt
Addition.txt


Regards,

William Rowland – “Gringo_pr”
Customer Success Specialist & Malware Removal Specialist

 


  • Staff

At this time, I would like you to check things out with the computer and let me know if you still have the same issue or if there is something else you would like me to check out for you while we are still here.

This feedback will let me know if we need to keep digging deeper and will also let me know if we need to go into a different direction.


Regards,

William Rowland – “Gringo_pr”
Customer Success Specialist & Malware Removal Specialist


I see several things I'm wondering about. When the computer started blue screening the HP Scanner stopped scanning. I tried to reinstall the drivers and that didn't work. I uninstalled it and nothing from HP shows up on Add/Remove programs. However some HP programs are running, marked "hidden" on the Addition.txt report. I would like to uninstall them. The report says: "(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually."

___________________________________

I've started getting this type of screen on Firefox (attached) on many "https:" sites. I did a reverse image search and it said it could be a malware takeover of Firefox. https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware

I turned Eset off for a second and was able to open FB. The Eset is fairly recently updated. I did a reverse image search and it says where to adjust Eset to allow https. That didn't work so I'm not using Firefox right now. Using Internet Explorer instead. The Firefox website recommended trying a bunch of other anti-malware programs.

______________________________

I see a bunch of files marked "GWXTriggers\Time-5d -> No File <==== ATTENTION"____ I can uninstall GWX control panel if that will help.

MacDrive which I don't use much has an error--"Faulting application start time: 0xMacDrive.exe0" --I can uninstall that if needed

still have a lot of these errors--Error: (08/26/2016 08:47:29 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.---- I've read several websites and still can't really understand how to figure out what is attached to Port 3

I noticed during ComboFix a file marked autorun for backup hard drive F was deleted. That's probably good as I've noticed slowdowns and crashes when attaching USB drives.

In general though the computer is starting up faster, and if I turn off all programs I can attach a USB drive without the computer crashing. I do have to wait until each folder opens and displays all contents before moving files. There is still a lag but not as bad.


 

firefox.JPG


  • Staff

Hello

 

About the connection is not secure - does not mean it is a virus - https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean

I see a bunch of files marked "GWXTriggers\Time-5d -> No File" - these are not a problem and have to do with the Windows 10 upgrade (GWX = Get Windows 10).

The script I made is to do the unhiding of the HP programs.

Now I need you to download this script that I have made for you --> fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please attach the contents of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo


So I was looking for the unhidden HP programs but I don't see them running. I guess it's "this" in the report. Stopped but marked Hidden again.

fixlist content:
*****************
Start
CloseProcesses:
hpg4000 (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden


  • Staff


Hello Casey



Now I need you to download this script that I have made for you --> fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please attach the contents of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo

 


I ran CCleaner and deleted the registry keys that came up as fixable. There were probably 300 for HP alone. I ran FRST again and noticed that there were still listings for HP programs including the ones you gave me fixlogs for. I tried your earlier fixlog from message 13, and it said the programs were closed but they still didn't come up in the uninstall program list. I looked in CCleaner and they weren't there to delete either.

I also noticed that there was a registry search in FRST and I put in "HPPhotosmartEssential" and it returned this log, below, but no way to eliminate the program. Anyway I would guess, at least, a tremendous amount of odd functions are now eliminated from my machine.

Do we do the cleanup of ComboFix and the other help programs next?

Thanks

SearchReg.txt


  • Staff

Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by volunteer malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight. They are updated all the time and some of them more than once per day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

  1. Download DelFix and save it to your desktop: >> Delfix.exe <<
  2. Double-click “DelFix.exe”.
  3. Select all options available
  4. Click the “Run” button.
  5. The tool will delete itself once it finishes, if not delete it by yourself.
  6. If asked to restart the computer, please do so

Security awareness:
It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article >> Strong passwords: How to create and use them <<

Then consider a password keeper to keep all your passwords safe.

The other question I am asked all the time is “How can I prevent this from happening again.” and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet
