[debodun]

I tried again. Here is the fixlog.txt:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Owner (24-10-2018 11:28:03) Run:3
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
S0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
Task: {52D1B772-A164-4976-9597-5BECD9597361} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3384263181-369055421-3260215636-1000
Task: {80B7199B-A54D-4E09-84AF-C895D435EF81} - System32\Tasks\{DB28AAC4-58A4-471C-A8CC-0A8B9CBFF8E6} => C:\Users\Owner\Desktop\DD\Games\ASTRO\ASTRO.EXE [1983-11-11] ()
Task: {8A7A4359-A2B1-44AC-879C-D14DD8B5F309} - System32\Tasks\{FB2047DD-47C4-41E8-988F-991725D1BB0D} => C:\Users\Owner\Desktop\DD\Games\Crazy 8s\CRAZY8S.EXE [1994-11-08] ()
Task: {D8060F20-2AF7-4010-8722-E73039BEA018} - System32\Tasks\{7771A4AC-76DB-4824-A025-706FC8FBFA13} => C:\Users\Owner\Desktop\DD\Games\ASTRO\ASTRO.EXE [1983-11-11] ()
Task: {E1138DDE-FC63-4D5A-A0C5-C13AD4F5AEE0} - System32\Tasks\{11C6843C-087E-401F-A969-AB4FE5F21D3B} => C:\Users\Owner\Desktop\DD\Games\Crazy 8s\CRAZY8S.EXE [1994-11-08] ()
Task: {EB1BC358-EB13-4BA5-93F8-1390C2F2B874} - System32\Tasks\{3831C2E7-DCFA-4E96-9F06-C7CC94D6C4C4} => C:\Users\Owner\Desktop\DD\Games\Crazy 8s\CRAZY8S.EXE [1994-11-08] ()
Task: {FC313E55-25B0-4845-87C6-66F271AE8EC7} - System32\Tasks\{BD4C9F3C-DAAC-4CFE-8FC8-BE1EA0D54E71} => C:\Users\Owner\Desktop\DD\Games\Crazy 8s\CRAZY8S.EXE [1994-11-08] ()
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:

*****************

PxHlpa64 => service not found.
MBAMSwissArmy => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52D1B772-A164-4976-9597-5BECD9597361} => not found
"C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3384263181-369055421-3260215636-1000" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3384263181-369055421-3260215636-1000 => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80B7199B-A54D-4E09-84AF-C895D435EF81} => not found
"C:\Windows\System32\Tasks\{DB28AAC4-58A4-471C-A8CC-0A8B9CBFF8E6}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB28AAC4-58A4-471C-A8CC-0A8B9CBFF8E6} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A7A4359-A2B1-44AC-879C-D14DD8B5F309} => not found
"C:\Windows\System32\Tasks\{FB2047DD-47C4-41E8-988F-991725D1BB0D}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB2047DD-47C4-41E8-988F-991725D1BB0D} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8060F20-2AF7-4010-8722-E73039BEA018} => not found
"C:\Windows\System32\Tasks\{7771A4AC-76DB-4824-A025-706FC8FBFA13}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7771A4AC-76DB-4824-A025-706FC8FBFA13} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1138DDE-FC63-4D5A-A0C5-C13AD4F5AEE0} => not found
"C:\Windows\System32\Tasks\{11C6843C-087E-401F-A969-AB4FE5F21D3B}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11C6843C-087E-401F-A969-AB4FE5F21D3B} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB1BC358-EB13-4BA5-93F8-1390C2F2B874} => not found
"C:\Windows\System32\Tasks\{3831C2E7-DCFA-4E96-9F06-C7CC94D6C4C4}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3831C2E7-DCFA-4E96-9F06-C7CC94D6C4C4} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC313E55-25B0-4845-87C6-66F271AE8EC7} => not found
"C:\Windows\System32\Tasks\{BD4C9F3C-DAAC-4CFE-8FC8-BE1EA0D54E71}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD4C9F3C-DAAC-4CFE-8FC8-BE1EA0D54E71} => not found

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 11:28:23 ====

[Advertisements]

That's more like it. Any better booting?

[RKinner]

That's more like it. Any better booting?

[debodun]

Not really. Today it took a really long time. Typically after I press the power button on the case, I don't hear the startup chime for about 3 to 5 minutes (that is an average since it is not consistent)  and the desktop icons stay white squares for a few minutes after that. The HD light flickers for about 10 minutes and when it stops, I consider that the end of the boot cycle.

[RKinner]

Search for

msconfig

hit Enter

 

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot.  If it doesn't boot faster then go back into msconfig and recheck the
things you turned off.  If it helps then go back and turn on a few items each
time until you find the culprit.
 

[debodun]

This is a screenshot of my startup - only 4 items checked out of 5. If I uncheck everything, will the system still function? Also, can I delete the procexp.exe and the LatencyMon?

Attached Thumbnails

• 

Edited by debodun, 24 October 2018 - 03:01 PM.

[RKinner]

Shouldn't hurt anything.

[debodun]

Do you need to see anymore FRST scans?

[RKinner]

Did it make any difference to turn off the 4 items?

[debodun]

Not that I can tell.

[RKinner]

OK.  Turn them back on then look under services.  Are there any checked that aren't Microsoft?

[debodun]

A few:

 

Adobe Acrobat Update Services

Adobe Flash Player Update Services

Apple Mobile Device

Bonjour Services

Google Update Services

iPod Services

Team Viewer 7

[RKinner]

Your TeamViewer is out of date.  Best to uninstall it for now. 

 

Uncheck all of the services you just reported, Apply and Reboot.  Any difference?

[debodun]

Thank you for your assistance in helping me with my problem. I can live with the slow boot. and am satisfied that at least I have no viruses.

[RKinner]

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.

You can run it any time that Chrome/Firefox seems slow starting.

If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.


If you use Facebook you need FB Purity: http://www.fbpurity.com/

To prevent a relatively new phishing attack:  In Firefox, type:

https://www.xn--80ak6aa92e.com/

If the URL changes to https://www.apple.cominstead of the correct value
type:
about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.


 "network.standard-url.punycode-host" Leave this one at default of False.
Close and restart firefox.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.

Due to a recent rise in the number of Crytolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Medi Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!


Ron

[debodun]

I got this far, but was unsure whether to change this:

 

"network.standard-url.punycode-host" Leave this one at default of False.

 

It was at default and true.

 

 

 

 

Edited by debodun, 05 November 2018 - 03:36 PM.