Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Defender and Avast disabled


  • Please log in to reply

#1
ElTee

ElTee

    Member

  • Member
  • PipPip
  • 16 posts

My father has an old computer running Windows Vista that all of a sudden need 30+ minutes to boot to desktop. Once it's booted to desktop everything is slow as can be. Trying to copy the log files from FRST to a USB-stick (30kb roughly) takes 30+ minutes. Also Windows Defender and Avast Anti-Virus is disabled and can't be enabled. When I checked CPU usage it was at 100% with 785 Mb of RAM used, so I did some googling and disabled Windows Update and Superfetch to no avail, so I'm thinking perhaps there's some crap running on the system.

I have run FRST and OTL, log files attached to this post.

The system is an HP SR5612CS with an AMD Athlon 4450e and 2GB of RAM running Windows Vista Home SP2.

 

Thanks in advance!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by jan (administrator) on JAN-DATOR (01-07-2018 11:37:05)
Running from C:\Users\jan\Desktop
Loaded Profiles: jan (Available Profiles: jan)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: Svenska (Sverige)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Prolific Technology Inc.) C:\WINDOWS\System32\IoctlSvc.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
() C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-10] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk [2010-08-27]
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=84&bd=Presario&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=84&bd=Presario&pf=cndt
HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://se.altavista.com/
HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=84&bd=Presario&pf=cndt
SearchScopes: HKLM -> {0F14F4D6-62A4-49BE-BAEB-566AB17935B6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
SearchScopes: HKLM -> {60463A28-9362-445C-BD31-DC1ED8320EF3} URL = hxxp://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934
SearchScopes: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000 -> DefaultScope {0F14F4D6-62A4-49BE-BAEB-566AB17935B6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
SearchScopes: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000 -> {0F14F4D6-62A4-49BE-BAEB-566AB17935B6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
SearchScopes: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000 -> {60463A28-9362-445C-BD31-DC1ED8320EF3} URL = hxxp://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934
BHO: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-10] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-09-10] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-10] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_73-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0073-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_73-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_73-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-29] [Legacy] [not signed]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-25] (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> ""
CHR DefaultSearchKeyword: Default -> conduit.search
CHR Profile: C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default [2007-01-02]
CHR Extension: (Battlefield Heroes) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-04-04]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-20] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5830352 2017-09-10] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-10] (AVAST Software)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267520 2017-09-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-09-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-09-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-09-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-09-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-09-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-09-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70112 2017-09-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-09-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [773800 2017-09-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [500136 2017-09-10] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202712 2017-09-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296192 2017-09-26] (AVAST Software)
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [227328 2007-04-23] (NETGEAR Inc. )
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-01 12:05 - 2018-07-01 12:05 - 000001668 _____ C:\Users\Public\Desktop\Defraggler.lnk
2018-07-01 12:05 - 2018-07-01 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2018-07-01 12:04 - 2018-07-01 12:07 - 000000000 ____D C:\Program Files\Defraggler
2018-07-01 11:52 - 2018-07-01 11:44 - 006404096 _____ (Piriform Ltd) C:\Users\jan\Desktop\dfsetup222.exe
2018-07-01 11:36 - 2018-07-01 12:44 - 000013077 _____ C:\Users\jan\Desktop\FRST.txt
2018-07-01 11:15 - 2018-06-29 22:39 - 000602112 _____ (OldTimer Tools) C:\Users\jan\Desktop\OTL.exe
2018-07-01 11:15 - 2018-06-29 22:37 - 001773056 _____ (Farbar) C:\Users\jan\Desktop\FRST.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-01 11:36 - 2007-01-01 06:53 - 000000000 ____D C:\FRST
2018-07-01 10:57 - 2006-11-02 14:47 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-01 10:57 - 2006-11-02 14:47 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

==================== Files in the root of some directories =======

2013-07-21 09:52 - 2013-07-23 18:33 - 095023320 ____T () C:\ProgramData\4039.pad
2011-03-15 20:36 - 2011-10-16 12:41 - 000000032 _____ () C:\Program Files\plugins-04041e-1f8.dat
2011-03-10 21:38 - 2016-03-23 16:59 - 000000168 _____ () C:\Users\jan\AppData\Roaming\default.pls
2013-01-27 07:33 - 2013-01-27 07:33 - 000138056 _____ () C:\Users\jan\AppData\Roaming\PnkBstrK.sys
2012-01-30 17:58 - 2014-03-23 11:34 - 000001424 _____ () C:\Users\jan\AppData\Roaming\wklnhst.dat
2010-08-27 20:05 - 2016-03-19 11:26 - 000001356 _____ () C:\Users\jan\AppData\Local\d3d9caps.dat
2010-10-17 16:03 - 2007-01-01 22:11 - 000061952 _____ () C:\Users\jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2014-01-13 15:08 - 2010-10-17 14:04 - 000876824 _____ (DivX, Inc. ) C:\Users\jan\AppData\Local\Temp\DivXSetup.exe
2015-04-13 18:25 - 2015-04-13 18:25 - 000938408 _____ (Oracle Corporation) C:\Users\jan\AppData\Local\Temp\jre-7u79-windows-i586-iftw.exe
2017-09-10 16:32 - 2017-09-10 16:32 - 000740416 _____ (Oracle Corporation) C:\Users\jan\AppData\Local\Temp\jre-8u144-windows-au.exe
2016-01-30 10:10 - 2016-01-30 10:10 - 000736352 _____ (Oracle Corporation) C:\Users\jan\AppData\Local\Temp\jre-8u73-windows-au.exe
2013-09-12 11:12 - 2013-09-12 11:12 - 001130576 _____ (BitTorrent Inc.) C:\Users\jan\AppData\Local\Temp\utt2C4F.tmp.exe
2016-08-28 19:52 - 2016-08-28 19:53 - 030533688 _____ () C:\Users\jan\AppData\Local\Temp\vlc-2.2.4-win32.exe
2013-12-25 13:50 - 2013-12-25 13:51 - 000000000 _____ () C:\Users\jan\AppData\Local\Temp\{061E02C4-2B46-4B20-8E65-635B5F625BAB}-31.0.1650.63_chrome_installer.exe
2016-02-18 07:08 - 2016-02-18 07:08 - 044333984 _____ (Google Inc.) C:\Users\jan\AppData\Local\Temp\{0DEC1F2B-C9E7-41FC-A678-85AAC728970E}-48.0.2564.116_chrome_installer.exe
2013-11-17 14:38 - 2013-11-17 14:38 - 000000000 _____ () C:\Users\jan\AppData\Local\Temp\{1D90AA27-9E86-4E5F-88D2-86118533E1B4}-31.0.1650.57_chrome_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2007-01-02 15:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by jan (01-07-2018 13:56:27)
Running from C:\Users\jan\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2010-08-27 17:13:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-4037423344-1165896761-4045062565-500 - Administrator - Disabled)
Gäst (S-1-5-21-4037423344-1165896761-4045062565-501 - Limited - Disabled)
jan (S-1-5-21-4037423344-1165896761-4045062565-1000 - Administrator - Enabled) => C:\Users\jan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 - Svenska (HKLM\...\{AC76BA86-7AD7-1053-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Cards_Calendar_OrderGift_DoMorePlugout (HKLM\...\{E535C94A-B87F-4182-BEA8-1E9322078D3E}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
Combined Community Codec Pack 2011-11-11 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack för Office 2007-systemet (HKLM\...\{90120000-0020-041D-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard Active Check for Health Check (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 2.0.63.2 - HP) Hidden
HP Demo (HKLM\...\{48BF4489-0C58-4E80-BB17-94A673CE310A}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}) (Version: 5.7.0.2693 - Hewlett-Packard)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (HKLM\...\{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2913 - CyberLink Corp.)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile Language Pack - SVE (HKLM\...\Microsoft .NET Framework 4 Client Profile SVE Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Swedish) (HKLM\...\{95120000-00AF-041D-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{2C1B58D5-6549-472C-86B7-17BE57186628}) (Version: 9.7.0621 - Microsoft Corporation)
MPC-BE 1.4.4.286 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.4.4.286 - MPC-BE Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.52 - WildTangent)
Nero 8 (HKLM\...\{6D45EF03-E8EE-4355-81C3-F918CBCF1033}) (Version: 8.3.332 - Nero AG)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.00.0000 - NETGEAR) Hidden
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.00.0000 - NETGEAR)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.4109 - CyberLink Corp.)
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2926 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2926 - CyberLink Corp.)
PSSWCORE (HKLM\...\{09633A5E-3089-41A8-9FF1-382171423C5D}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Spotify (HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - sve) (Version:  - Microsoft Corporation)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Utvärderingsversion av Microsoft Office hem- och studentutgåva 2007 (HKLM\...\OfficeTrial) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (HKLM\...\{5EE7D259-D137-4438-9A5F-42F432EC0421}) (Version: 1.1.0 - DivX, Inc) Hidden
VideoToolkit01 (HKLM\...\{22F761D1-8063-4170-ADF7-2D2F47834CA9}) (Version: 110.0.171.000 - Hewlett-Packard) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
XVID Player 1.0 (HKLM\...\XVID Player_is1) (Version:  - vsevensoft.com)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\jan\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-09-10] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-09-10] (AVAST Software)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2008-06-08] (Nero AG)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2006-12-03] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-09-10] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2006-12-03] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2008-05-22] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-09-10] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2006-12-03] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05976084-F83E-42FD-822B-B2EECBF7CDBE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-20] (Adobe Systems Incorporated)
Task: {41A68231-043B-4B2D-A93E-464BB9C8BDC0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-10] (AVAST Software)
Task: {4E9B9504-3A20-42DD-8354-8C5C2EA5B085} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {707C63CF-4116-4C60-A897-E18FBC82E6ED} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {B55B5EA1-6DA4-4512-B121-AF7AABA0206C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E607BDBA-D789-4253-B278-069094C092A0} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2008-06-12] ()
Task: {FC935D5A-7376-493B-8064-DF7FB1F9C0BC} - System32\Tasks\SafeZone scheduled Autoupdate 1458736886 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-03-12 19:32 - 2006-12-03 15:53 - 000126464 _____ () C:\Program Files\WinRAR\rarext.dll
2017-09-10 15:49 - 2017-09-10 15:49 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 002121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 007745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 000135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2007-09-14 10:24 - 2007-09-14 10:24 - 001695744 _____ () C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
2017-09-10 15:49 - 2017-09-10 15:49 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-10 13:32 - 2016-07-10 13:33 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-09-10 15:49 - 2017-09-10 15:49 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-09-10 15:49 - 2017-09-10 15:49 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-10 15:49 - 2017-09-10 15:49 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-10 15:49 - 2017-09-10 15:49 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\...\videolan.org -> hxxp://www.videolan.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\img22.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\jan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\jan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\jan\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Xvid => C:\Program Files\Xvid\CheckUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{1E703B6C-6CEC-414E-910E-4F635ECE1B86}] => (Allow) c:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{95B4E537-B166-4066-AEE2-3D5A786B60CF}] => (Allow) LPort=80
FirewallRules: [{396FFE24-1B90-4A3E-B9EB-A15CDEDCC75C}] => (Allow) LPort=80
FirewallRules: [{0AA4E5E1-92B3-4C78-B82E-5E6AE64808ED}] => (Allow) LPort=80
FirewallRules: [TCP Query User{8B236DCD-4B74-4B8C-9E0D-D3AA647FF357}C:\program files\spotify\spotify.exe] => (Allow) C:\program files\spotify\spotify.exe
FirewallRules: [UDP Query User{2C47FDA2-D4AA-419E-8C05-062AF6D411A1}C:\program files\spotify\spotify.exe] => (Allow) C:\program files\spotify\spotify.exe
FirewallRules: [TCP Query User{26C7F677-7EC9-462D-8C15-7EB8A8DA8A3C}C:\users\jan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{630B5DC3-2388-4BFB-A01D-15E63AED1A96}C:\users\jan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AB7281CF-C555-49F8-B5FD-16CD157F15FC}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{45DB4AED-D235-4BF9-BC6A-FDAEFCC0E58F}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{393ABC74-4689-4054-B141-221C85B3E3FE}C:\users\jan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BC1ECB82-76AD-43B5-9E36-0F32E7DBB70B}C:\users\jan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{ED4AE71F-2286-4B1D-B73F-EF3676D042B1}] => (Allow) C:\WINDOWS\System32\PnkBstrA.exe
FirewallRules: [{9B939899-C880-465D-91F2-D08BE3D55A5C}] => (Allow) C:\WINDOWS\System32\PnkBstrA.exe
FirewallRules: [{DC16905E-8DFD-4BD6-8D95-46284F390CCE}] => (Allow) C:\WINDOWS\System32\PnkBstrB.exe
FirewallRules: [{A5D6D34C-3FFD-4484-98E1-99AAD430B6EA}] => (Allow) C:\WINDOWS\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{706AD473-924F-43E0-8CEC-B73BCC0064F8}C:\program files\ea games\battlefield heroes\bfheroes.exe] => (Block) C:\program files\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [UDP Query User{4F2A987A-BAE5-4D57-885D-CF0A0A954B47}C:\program files\ea games\battlefield heroes\bfheroes.exe] => (Block) C:\program files\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [{656D9875-5FC2-4212-AA3C-E501C7CB95AC}] => (Allow) C:\Users\jan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9570A00F-203F-4B7D-8E51-A846C594802E}] => (Allow) C:\Users\jan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{96D4018B-A51F-42C8-97B6-C4BE4CF4C9E3}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{07D2816F-DB33-4B04-9048-BB19BCA931ED}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{B73D3A3F-253A-484E-A8F9-C85F9DDCB121}] => (Allow) C:\Program Files\Hearthstone\Hearthstone.exe
FirewallRules: [{CD5F4668-899B-4297-A3E0-1476DA056BC5}] => (Allow) C:\Program Files\Hearthstone\Hearthstone.exe
FirewallRules: [{891C6B6B-51B7-42FB-93C5-6BEAFFE5582E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{607748E2-F995-4BDB-8B86-6F6A6CCF9DC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{499525A3-3D8F-4477-B4F3-ADC45AC0DE9A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft WPD FileSystem Volume Driver
Description: Microsoft WPD FileSystem Volume Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (WPD file system device)
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2018 12:30:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen vid: <http://www.download....throotstl.cab>.Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.
.

Error: (07/01/2018 12:29:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen vid: <http://www.download....throotstl.cab>.Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.
.

Error: (07/01/2018 12:29:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen vid: <http://www.download....throotstl.cab>.Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.
.

Error: (07/01/2018 12:29:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen vid: <http://www.download....throotstl.cab>.Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.
.

Error: (07/01/2018 12:29:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen vid: <http://www.download....throotstl.cab>.Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.
.

Error: (07/01/2018 12:29:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen vid: <http://www.download....throotstl.cab>.Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.
.

Error: (07/01/2018 12:29:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen vid: <http://www.download....throotstl.cab>.Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.
.

Error: (07/01/2018 12:29:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen vid: <http://www.download....throotstl.cab>.Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras mot den aktuella systemklockan eller tidsstämpeln i den signerade filen.
.


System errors:
=============
Error: (07/01/2018 11:17:01 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Servern {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} registrerades inte med DCOM inom erforderlig timeout.

Error: (01/02/2007 04:09:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Servern {0228576F-6E6C-4E1A-B175-0E46A316AFE2} registrerades inte med DCOM inom erforderlig timeout.

Error: (01/02/2007 04:08:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Windows Media Player Network Sharing Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (01/02/2007 04:08:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Windows Media Player Network Sharing Service skulle ansluta.

Error: (01/02/2007 04:08:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten ShellHWDetection.

Error: (01/02/2007 04:08:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Background Intelligent Transfer Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (01/02/2007 04:08:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten BITS.

Error: (01/02/2007 04:08:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:
i8042prt


CodeIntegrity:
===================================

Date: 2007-01-02 00:48:11.470
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2007-01-02 00:47:45.608
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2007-01-02 00:47:18.406
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2007-01-02 00:46:52.765
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2007-01-02 00:46:26.940
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2007-01-02 00:46:00.447
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2007-01-02 00:45:26.954
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2007-01-02 00:45:00.373
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ Dual Core Processor 4450e
Percentage of memory in use: 45%
Total physical RAM: 1917.76 MB
Available physical RAM: 1036.86 MB
Total Virtual: 4078.04 MB
Available Virtual: 3415.55 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:284.41 GB) (Free:121.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.68 GB) (Free:1.89 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (UNTITLED) (Removable) (Total:14.42 GB) (Free:14.41 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=284.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.4 GB) (Disk ID: 4D4CD78C)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0B)

==================== End of Addition.txt ============================

Attached Files


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Avast disables Windows Defender when it installs.

 

This error:
 

Name: Microsoft WPD FileSystem Volume Driver
Description: Microsoft WPD FileSystem Volume Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (WPD file system device)
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

 

 

 

 

Is probably the source of your problem.  This is used when you plug in a USB drive.  So it may run better without the USB Drive.  The usual fix for it is to right click on (My) Computer and select Manage then choose Device Manager, View Hidden Devices.  You should see one or more yellow flagged devices under Portable Devices.  Right click on each and uninstall.  (Do not let it remove any files if it asks you)  Then  right click on Portable Devices and Scan for Hardware Changes.  It should reinstall the device(s).  If the yellow flag is gone then you have fixed the problem.

 

If that doesn't help then:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

If that doesn't help then:

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

It may help to run in Safe Mode with Networking:

 

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)
 

 

You can also try searching for

msconfig

hit Enter.  Then Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot.  If it doesn't run faster then go back into msconfig and recheck the
things you turned off.  If it helps then go back and turn on a few items each
time until you find the culprit.
 


  • 0

#3
ElTee

ElTee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

The only flagged device in the device manager is Microsoft ISATAP Adapter, but I'm currently uninstalling it and will reinstall according to your instructions and I'll get back to you as soon as I've completed all steps of your reply.

As soon as I plug the USB-stick in I get that message though, so I'll uninstall and re-install as per instructions.

Thanks


Edited by ElTee, 04 July 2018 - 04:47 AM.

  • 0

#4
ElTee

ElTee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Sorry for not getting back for a while.

The computer was taking ages to complete most things on your list of actions to do.

Once when I rebooted the system I went into BIOS to check that there wasn't something crazy with the settings and then when I rebooted the computer again I noticed the was a diagnostics option available, so I ran the diagnostics and was told there was a problem with the harddrive. When I went back into BIOS I noticed I could do a SMART check and I then got a BIOHD-8 error, which turns out to be a failing harddrive error. I have purchased a new harddrive that I have installed and I'm now in the process of re-installing Windows. Unfortunately it still seems like the computer is slow as heck, but I'll get back again once Windows has finished configuring the computer.


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You might try setting the BIOS to default, Save and Exit.


  • 0

#6
ElTee

ElTee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thanks RKinner!!!

 

Resetting the BIOS to default did the trick!

Now my fathers computer is "lightning fast" again... Well, atleast as lightning fast as an AMD Athlon 4450e with 2Gb of RAM can be. :-)

 

You guys are the best!


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Glad you got it working.  For what it's worth here is my standard goodbye speech on cleanup and staying clean.

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..

If you use Facebook you need FB Purity: http://www.fbpurity.com/
To prevent a relatively new phishing attack:  In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
 "network.standard-url.punycode-host" Leave this one at default of Flase.
Close and restart firefox.

To test it you can go to:

https://www.xn--80ak6aa92e.com/

If the value is false you will see https://www.apple.cominstead of the correct value


If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.


If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Medi Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!
 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP