# Computer running very very slow



## BunniG (May 12, 2017)

My computer is running very very slow. I tried CC Cleaner, ADW Malware, but they are not helping. Takes a really long time to boot and there is a long delay on performing routine tasks like entering and deleting text. Please advise.

Thank you.

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 6134 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM 1.0), 256 Mb
Hard Drives: C: 583 GB (323 GB Free); D: 11 GB (2 GB Free);
Motherboard: PEGATRON CORPORATION, Benicia
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled


----------



## flavallee (May 12, 2002)

That's a very old HP/Compaq desktop which is running an unsupported operating system. 
What is its model name and complete model number?
What is the exact serial number and product number on it?

The gold shield experts here can determine if your desktop is infected.
This forum section is very busy, so be patient.

--------------------------------------------------------------


----------



## BunniG (May 12, 2017)

Here is the detail about my computer. It only started running slow a few months ago.

OS Name Microsoft Windows 10 Home
Version 10.0.14393 Build 14393
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name GRAYECONSULTING
System Manufacturer HP-Pavilion
System Model NY614AA-ABA p6234f
System Type x64-based PC
System SKU NY614AA#ABA
Processor Pentium(R) Dual-Core CPU E5400 @ 2.70GHz, 2700 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date American Megatrends Inc. 5.41, 7/24/2009
SMBIOS Version 2.5
Embedded Controller Version 255.255
BIOS Mode Legacy
BaseBoard Manufacturer PEGATRON CORPORATION
BaseBoard Model Not Available
BaseBoard Name Base Board
Platform Role Desktop
Secure Boot State Unsupported
PCR7 Configuration Binding Not Possible
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "10.0.14393.206"
User Name GrayeConsulting\Susan Graye
Time Zone Central Daylight Time
Installed Physical Memory (RAM) 6.00 GB
Total Physical Memory 5.99 GB
Available Physical Memory 3.23 GB
Total Virtual Memory 12.0 GB
Available Virtual Memory 8.94 GB
Page File Space 6.00 GB
Page File C:\pagefile.sys
Hyper-V - VM Monitor Mode Extensions Yes
Hyper-V - Second Level Address Translation Extensions No
Hyper-V - Virtualization Enabled in Firmware No
Hyper-V - Data Execution Protection Yes


----------



## BunniG (May 12, 2017)

I did find this under System Summary, Software Environment, Running Tasks

adobeupdateservice.exe Not Available 2468 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
agsservice.exe Not Available 2500 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
applicationframehost.exe c:\windows\system32\applicationframehost.exe 3228 8 200 1380 5/12/2017 11:22 AM 10.0.14393.0 49.43 KB (50,616 bytes) 7/16/2016 6:42 AM
armsvc.exe Not Available 2476 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
aswidsagenta.exe Not Available 7048 8 Not Available Not Available 5/12/2017 9:41 AM Not Available Not Available Not Available
audiodg.exe Not Available 6908 8 Not Available Not Available 5/12/2017 7:26 PM Not Available Not Available Not Available
avgsvc.exe Not Available 1932 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
avgsvca.exe Not Available 2484 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
avgui.exe c:\program files (x86)\avg\antivirus\avgui.exe 4368 8 200 1380 5/12/2017 9:41 AM 17.3.3443.95 8.85 MB (9,282,584 bytes) 5/6/2017 8:08 PM
avguix.exe c:\program files (x86)\avg\framework\common\avguix.exe 6364 8 200 1380 5/12/2017 9:41 AM 1.192.3.2507 1.72 MB (1,800,712 bytes) 4/27/2017 10:51 AM
csrss.exe Not Available 764 13 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
csrss.exe Not Available 836 13 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
dashost.exe Not Available 3020 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
dbxsvc.exe Not Available 2528 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
dllhost.exe c:\windows\system32\dllhost.exe 6292 8 200  1380 5/12/2017 4:08 PM 10.0.14393.0 20.84 KB (21,344 bytes) 7/16/2016 6:42 AM
dropbox.exe c:\program files (x86)\dropbox\client\dropbox.exe 2688 8 200 1380 5/12/2017 9:41 AM 25.4.28.0 27.12 MB (28,432,392 bytes) 5/3/2017 8:34 AM
dropbox.exe c:\program files (x86)\dropbox\client\dropbox.exe 5936 8 200 1380 5/12/2017 9:41 AM 25.4.28.0 27.12 MB (28,432,392 bytes) 5/3/2017 8:34 AM
dvdagent.exe c:\program files (x86)\hewlett-packard\media\dvd\dvdagent.exe 6884 6 200 1380 5/12/2017 9:41 AM 5.0.0.0 125.29 KB (128,296 bytes) 7/23/2009 10:45 PM
dwm.exe Not Available 756 13 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
explorer.exe c:\windows\explorer.exe 4536 8 200 1380 5/12/2017 9:40 AM 10.0.14393.1198 4.46 MB (4,674,360 bytes) 5/11/2017 10:03 AM
fahwindow64.exe c:\program files\winzip\fahwindow64.exe 6836 8 200 1380 5/12/2017 9:41 AM 2.5.12109.0 182.21 KB (186,584 bytes) 6/2/2016 8:50 PM
firefox.exe c:\program files (x86)\mozilla firefox\firefox.exe 10736 8 200 1380 5/12/2017 7:22 PM 53.0.2.6333 504.95 KB (517,064 bytes) 6/9/2016 9:09 AM
firefox.exe c:\program files (x86)\mozilla firefox\firefox.exe 11008 8 200 1380 5/12/2017 7:22 PM 53.0.2.6333 504.95 KB (517,064 bytes) 6/9/2016 9:09 AM
flashplayerplugin_25_0_0_148.exe c:\windows\syswow64\macromed\flash\flashplayerplugin_25_0_0_148.exe 9380 8 200 1380 5/12/2017 7:32 PM 25.0.0.148 3.29 MB (3,451,992 bytes) 4/21/2017 8:17 AM
flashplayerplugin_25_0_0_148.exe c:\windows\syswow64\macromed\flash\flashplayerplugin_25_0_0_148.exe 132 8 200 1380 5/12/2017 7:32 PM 25.0.0.148 3.29 MB (3,451,992 bytes) 4/21/2017 8:17 AM
fontdrvhost.exe Not Available 4576 8 Not Available Not Available 5/12/2017 9:43 AM Not Available Not Available Not Available
helppane.exe c:\windows\helppane.exe 11032 8 200 1380 5/12/2017 7:22 PM 10.0.14393.1066 953.00 KB (975,872 bytes) 4/19/2017 10:13 AM
intuitupdateservice.exe Not Available 1996 8 Not Available Not Available 5/12/2017 9:42 AM Not Available Not Available Not Available
jusched.exe c:\program files (x86)\common files\java\java update\jusched.exe 6360 8 200 1380 5/12/2017 9:41 AM 2.8.131.11 573.52 KB (587,288 bytes) 3/15/2017 2:43 AM
lsass.exe Not Available 948 9 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
mccicmservice.exe Not Available 2644 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
mccicmservice.exe Not Available 2652 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
memory compression Not Available 3060 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
mqsvc.exe Not Available 2712 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
msinfo32.exe c:\windows\system32\msinfo32.exe 8540 8 200 1380 5/12/2017 7:23 PM 10.0.14393.447 361.00 KB (369,664 bytes) 11/9/2016 10:49 AM
netsession_win.exe c:\users\susan graye\appdata\local\akamai\netsession_win.exe 1712 8 200 1380 5/12/2017 9:41 AM 1.9.5.2 4.28 MB (4,490,200 bytes) 1/3/2017 3:12 PM
netsession_win.exe c:\users\susan graye\appdata\local\akamai\netsession_win.exe 2040 8 200 1380 5/12/2017 9:41 AM 1.9.5.2 4.28 MB (4,490,200 bytes) 1/3/2017 3:12 PM
offcat_rts.exe c:\users\susan graye\appdata\local\microsoft\offcat\offcat_rts.exe 2940 8 200 1380 5/12/2017 9:41 AM 2.2.6018.801 356.88 KB (365,440 bytes) 8/1/2016 1:58 PM
officeclicktorun.exe Not Available 2568 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
onedrive.exe c:\users\susan graye\appdata\local\microsoft\onedrive\onedrive.exe 5828 8 200 1380 5/12/2017 9:41 AM 17.3.6799.327 1.45 MB (1,518,808 bytes) 3/6/2015 2:28 PM
onedrive.exe c:\users\susan graye\appdata\local\microsoft\onedrive\onedrive.exe 6500 8 200 1380 5/12/2017 9:41 AM 17.3.6799.327 1.45 MB (1,518,808 bytes) 3/6/2015 2:28 PM
plugin-container.exe c:\program files (x86)\mozilla firefox\plugin-container.exe 2416 8 200 1380 5/12/2017 7:32 PM 53.0.2.6333 152.95 KB (156,616 bytes) 6/9/2016 9:09 AM
runtimebroker.exe c:\windows\system32\runtimebroker.exe 4552 8 200 1380 5/12/2017 9:40 AM 10.0.14393.0 32.83 KB (33,616 bytes) 7/16/2016 6:42 AM
sdfssvc.exe Not Available 2800 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
sdtray.exe c:\program files (x86)\spybot - search & destroy 2\sdtray.exe 4212 8 200 1380 5/12/2017 9:41 AM 2.4.40.129 3.91 MB (4,101,576 bytes) 6/27/2016 9:57 PM
sdupdsvc.exe Not Available 2812 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
sdwscsvc.exe Not Available 2996 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
searchindexer.exe Not Available 2192 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
searchui.exe c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe 5568 8 200 1380 5/12/2017 9:40 AM 10.0.14393.953 10.16 MB (10,652,512 bytes) 3/23/2017 2:20 PM
services.exe Not Available 940 9 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
shellexperiencehost.exe c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe 5148 8 200 1380 5/12/2017 9:40 AM 10.0.14393.447 1.58 MB (1,653,600 bytes) 11/9/2016 10:52 AM
sihost.exe c:\windows\system32\sihost.exe 2096 8 200 1380 5/12/2017 9:40 AM 10.0.14393.0 77.00 KB (78,848 bytes) 7/16/2016 6:42 AM
skypehost.exe c:\program files\windowsapps\microsoft.skypeapp_11.15.597.0_x64__kzf8qxf38zg5c\skypehost.exe 7560 8 200 1380 5/12/2017 9:43 AM 11.15.597.0 73.00 KB (74,752 bytes) 5/9/2017 8:30 AM
smss.exe Not Available 524 11 Not Available Not Available 5/12/2017 9:39 AM Not Available Not Available Not Available
smsvchost.exe Not Available 3820 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
smsvchost.exe Not Available 4304 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
spoolsv.exe Not Available 1832 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
stopzilla.exe c:\program files\is3\stopzilla antivirus\stopzilla.exe 9032 8 200 1380 5/12/2017 9:44 AM 8.0.3.258 5.22 MB (5,470,112 bytes) 2/21/2017 6:58 PM
svchost.exe Not Available 72 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 708 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 1088 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 1116 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 1128 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 1212 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 1496 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 1656 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 1716 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 1780 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 1856 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 2432 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 2516 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 2560 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 2776 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe Not Available 3728 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
svchost.exe c:\windows\system32\svchost.exe 5200 8 200 1380 5/12/2017 9:40 AM 10.0.14393.0 43.45 KB (44,496 bytes) 7/16/2016 6:42 AM
system Not Available 4 8 Not Available Not Available 5/12/2017 9:39 AM Not Available Not Available Not Available
system idle process Not Available 0 0 Not Available Not Available 5/12/2017 9:39 AM Not Available Not Available Not Available
szserver.exe Not Available 8248 8 Not Available Not Available 5/12/2017 9:43 AM Not Available Not Available Not Available
taskhostw.exe c:\windows\system32\taskhostw.exe 5360 8 200 1380 5/12/2017 9:40 AM 10.0.14393.0 86.32 KB (88,392 bytes) 7/16/2016 6:42 AM
uploaderservice.exe Not Available 2872 6 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
wininit.exe Not Available 824 13 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
winlogon.exe Not Available 908 13 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
winword.exe c:\program files\microsoft office\root\office16\winword.exe 10576 8 200 1380 5/12/2017 7:24 PM 16.0.7967.2161 1.86 MB (1,947,848 bytes) 9/5/2016 2:04 PM
wmiprvse.exe Not Available 7760 8 Not Available Not Available 5/12/2017 7:23 PM Not Available Not Available Not Available
wmiprvse.exe Not Available 5172 8 Not Available Not Available 5/12/2017 7:33 PM Not Available Not Available Not Available
wudfhost.exe Not Available 1504 8 Not Available Not Available 5/12/2017 9:40 AM Not Available Not Available Not Available
wzpreloader.exe c:\program files\winzip\wzpreloader.exe 3852 8 200 1380 5/12/2017 9:41 AM 20.5.12146.0 130.09 KB (133,216 bytes) 6/2/2016 8:50 PM
wzupdatenotifier.exe c:\program files\winzip\wzupdatenotifier.exe 6864 8 200 1380 5/12/2017 9:41 AM 2.0.12109.0 1.46 MB (1,531,616 bytes) 6/2/2016 8:50 PM


----------



## flavallee (May 12, 2002)

You have a *HP Pavilion p6234f Desktop PC* (NY614AA).
It was introduced in September 2009 and came with Windows 7 Home Premium 64-bit and came with these specs:
Intel Pentium E5400 2.70 GHz dual core processor
6 GB of DDR2-800 RAM
640 GB SATA 3.0 Gb/s hard drive
DVD+/-RW disc drive
Intel GMA 3100 graphics
Realtek ALC888S high definition audio
Realtek RTL8111C 10/100 Mbps ethernet
250W power supply

That desktop is over 7 years old and wasn't designed for running Windows 10 Home 64-bit, so you should've stuck with Windows 7 Home Premium 64-bit.
From what I see in your various logs, I'm betting your desktop is infected, but I'm not trained for or authorized to help you in this section.
You need to wait until a gold shield member replies.

---------------------------------------------------------------


----------



## BunniG (May 12, 2017)

How do I get a gold shield member to look at my issue?


----------



## wannabeageek (Nov 12, 2009)

Hi BunniG,

Did you install this Antivirus program? >>> PC Cleaner Pro


----------



## flavallee (May 12, 2002)

*wannabeageek* has replied, so you're in good hands now. 

---------------------------------------------------------------


----------



## BunniG (May 12, 2017)

Wannabeageek, I have AVG and StopZilla running. Should I delete those and install PC Cleaner Pro?

B


----------



## wannabeageek (Nov 12, 2009)

Greeting Bunnig,



> Should I delete those and install PC Cleaner Pro?


No. Do not add or remove anything unless I direct you to do so.

Please run the following:

*FRST - Farbar Recovery Scanner Tool*








Please download *FRST64.exe* ... by Farbar. *Save or move it to your desktop.*

Right click on *FRST64.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button. ... A log will be created *FRST.txt* in the same directory the tool is run.
Please copy/paste *FRST.txt* it to your reply.
The first time the tool is run, it makes also another log... *Addition.txt*.
Please copy/paste *Addition.txt* in your reply.

*NOTE:* If there is not enough room to post each file on its own post, then attach both files in your next response. 
If you need help, ask.

wbg


----------



## BunniG (May 12, 2017)

Attached the two logs.

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

*Before we continue, please read and follow these important guidelines*, so things will proceed smoothly. 

 *The instructions being given are for YOUR computer and system only!*
Using these instructions on a different computer *can cause damage *to that computer and possibly *render it inoperable*!
 You *must* have *Administrator* rights, permissions for this computer.
 *DO NOT run any other fix or removal tools unless instructed to do so! <<<*
 *DO NOT install* any other software (or hardware) during the cleaning process until we are done as well as 
*DO NOT Remove, or Scan with anything on your system unless I ask.* This adds more items to be researched. 
*Extra Additions and Removals of files make the analysis more difficult.*
 *Only *post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
 *Print each set of instructions *if possible - your Internet connection will not be available during some fix processes.
 Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
 *Only *reply to this thread, do not start another one. Please, continue responding, until I give you the "*All Clean!*"
*Absence of symptoms does not mean that everything is clear.*

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Please take time to read *TSG Forum Guidelines and Rules* where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
*lf you have any questions or problems executing these instructions, <<STOP>>  do not proceed, post back with the question or problem.*



> _Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop._


*Because of this, I advise you to backup any personal files and folders before you start*

*Note: Save or Move all downloaded files to your Desktop.*


----------



## BunniG (May 12, 2017)

Hi, I have backed up my files.


----------



## wannabeageek (Nov 12, 2009)

Hi B,

Please uninstall the following programs:


> STOPzilla AntiVirus
> AVG Antivirus
> Spybot - Search and Destroy *Out of date*


Please make sure that Windows Defender is enabled and updated. If you have any trouble, post back and let me know.

SpywareBlaster is ok but I use MalwareBytes. I have read reviews where some people use both. We will address this later.

*CCleaner
Warning! Do not use the registry cleaning function in* *CCleaner* Registry cleaners do not provide any speed increases and can potentially damage your computer up to and including rendering it unbootable.

Post back when you have uninstalled the 2 anti-virus programs.
If AVG gives you any trouble, I will get the AVG removal program link to you.


----------



## BunniG (May 12, 2017)

Windows Defender Real Time Protection will not turn on. Message is that another program is handling that. I deleted AVG, but it is still handing around. Therefore, I have NO real time protection. Please advise.


----------



## BunniG (May 12, 2017)

"hanging around" not "handling around"


----------



## wannabeageek (Nov 12, 2009)

Hi B,

The AVG removal tool is Here

Save it or move it to your desktop and remember to: "Right click and run as Admin".

After running the removal tool, reboot the computer if it does not do this automatically.

Then try to activate Windows Defender again.


----------



## BunniG (May 12, 2017)

Hi, OK I have removed Stopzilla, AVG, and SpyBot Search & Destroy. Windows Defender is now running.

Next steps?

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

Please run the following and post the results.

*Step 1.*







Please download *Junkware Removal Tool* and save it to your *desktop*.

Shut down your protection software as shown in *This topic* now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (*JRT.txt*) is saved to your desktop and will automatically open.
Please post the contents of *JRT.txt* into your next reply.

*Step 2.
AdwCleaner Download and Run*

Click on this link to download : ADWCleaner
Click on the Download Now button and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:










You will then see the screen below. Click on the *Scan* button (as indicated), accept any prompts that appear and allow it to run. 
It may take several minutes to complete. When it is done click on the *Clean* button, accept any prompts that appear and allow the system to reboot. 
You will then be presented with the report. Copy & Paste it into your next post.



*Please post the content of the C:\AdwCleaner[S?].txt logfile in your next reply.*

*Please include in your next reply:*

Contents of *JRT.txt*
Contents of *C:\AdwCleaner[S?].txt*
*Any problem executing the instructions?*
*How is the computer behaving?*
Thanks, 
wbg


----------



## BunniG (May 12, 2017)

I am only using Windows Defender now for my anti-virus. Should I turn that off before running Junkware Removal? When do I turn it back on? 
'
I run ADW all the time. Do I run that with Windows Defender on or off?

Please advise about when to turn Windows Defender back on.

Thanks,

B


----------



## wannabeageek (Nov 12, 2009)

Turn off windows defender for all scans and then turn it back on when done.


----------



## BunniG (May 12, 2017)

Hi, I ran the two scans and my log files for the Junk Removal Tool and ADW are in the attached Word doc. I am seeing speed improvement when I boot, log onto programs and response time when typing.

B


----------



## wannabeageek (Nov 12, 2009)

Please post the text reports that the programs produced. I have no use for ".docx" files. Not to mention that the ".docx" files can contain vbs macro commands used to spread malware.


----------



## BunniG (May 12, 2017)

Hi,

Will rerun the two programs later today and post the .txt file.

B


----------



## wannabeageek (Nov 12, 2009)

Do not rerun the programs. Post the original files.


----------



## BunniG (May 12, 2017)

Hi, found the two text files I ran this morning. See attached.

B


----------



## BunniG (May 12, 2017)

Hi,

I posted the original JRT and ADW text files I ran yesterday. See above.

What are my next steps?

Thanks,

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

Please run the following:

*Step 1.*
*Registry Backup (TCRB)* 
*TCRB should still be on your desktop - if not;*
Please download *tweaking.com_registry_backup_setup.exe*
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial *here* or at the download site.

Once the program is installed...

Double click the *Tweaking.com Registry Backup* icon ... on your Desktop to open the program.
Right mouse click the *Tweaking.com Registry Backup* icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
It should open with the *Backup Registry* tab selected and all file options checked. _Check any that are not already checked._
Click on *Backup Now* to create a backup of your Registry.
You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
When completed you should see a message saying something like ... *Successful ??/?? Registry Files Backed Up* ... ?? is total number of files, both numbers should match.
Close and exit the program.

* < STOP >  If you did not successfully complete this step.  < STOP >  Do not continue with any other steps, post back and let me know! *

*Step 2.
Run A Fix With FRST*
Download attached *fixlist.txt* file and save it to the Desktop.
*NOTE*. It's important that both the program *FRST64.exe* and *Fixlist.txt* be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run *FRST64* and press the *FIX* button just once, and wait. *DO NOT PRESS THE SCAN BUTTON.*
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (*Fixlog.txt*). Please post the contents in your reply.


----------



## BunniG (May 12, 2017)

Hi,

Should I download FRST64 from Bleeping Computer? Do not have a link to that file.

Please advise.

Thanks,

B


----------



## wannabeageek (Nov 12, 2009)

FRST64 should still be on your computer from when you ran that scan back on page one of this thread.


----------



## BunniG (May 12, 2017)

Hi,

I downloaded several copies of "Tweaking ..... setup.exe" and when I double-click the file, I get this error message.










Please advise.

Thanks,

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

We need to see what has changed since the last scan because TCRB is not installing.

*Run a* *New* *Scan With the Farbar Scan Tool*

Right click on *FRST64.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it. When the tool opens click *Yes* to disclaimer.
Check the box for Addition.txt so it will produce that file again.
Press the Scan button.
When finished scanning, a new version of the logs FRST.txt and Addition.txt will be saved on your Desktop and opened in Notepad.
Please post the contents of both as attachments in your next reply.


----------



## BunniG (May 12, 2017)

Hi,

Ran a new scan and posted new versions of FRST.txt and Addition.txt. Computer was running a little faster, but now seems a little slower. Lag when typing.

B


----------



## wannabeageek (Nov 12, 2009)

Are you disabling Windows Defender prior to running TCRB?


----------



## BunniG (May 12, 2017)

Hi, No I did not disable Windows Defender. I will do that and then run TCRB.

B


----------



## BunniG (May 12, 2017)

Hi,

I installed TCRB, but when I got the options to run it, I am using the Fallback Method. I thought I was supposed to use the Volume Shadow Method. See below.










When I didn't sign on as administrator, I had to option to chose either method. Please advise.

B


----------



## wannabeageek (Nov 12, 2009)

> When I didn't sign on as administrator....B


How many of these steps did you execute in a mode other than administrator?


----------



## BunniG (May 12, 2017)

When I was NOT in administrator mode, I started the program and stopped when it asked if I wanted to run in Fallback mode or Volume Shadow. In administrator mode, I started the program and when I saw it was in Fallback mode, I stopped. 

So, I have never run the program past those choices.

What are my next steps?

B.


----------



## wannabeageek (Nov 12, 2009)

Hi B,

If it gave you both options, you may have been in administrator mode and not realized it. Also by default your account is administrator: "Ran by Susan Graye (administrator)" << Taken from the FRST report.

So let us have another go at this TCRB.


Right mouse click the *Tweaking.com Registry Backup* icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
It should open with the *Backup Registry* tab selected and all file options checked. _Check any that are not already checked._
Click on *Backup Now* to create a backup of your Registry.
You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
When completed you should see a message saying something like ... *Successful ??/?? Registry Files Backed Up* ... ?? is total number of files, both numbers should match.
Close and exit the program.

*If it gives the choice again of Fallback mode or Volume Shadow, 
by all means choose the Volume Shadow.*

Please post back with the results.


----------



## BunniG (May 12, 2017)

Hi,

Should I run both Tweaking and FRST(64) with the fixlist.txt?

B


----------



## BunniG (May 12, 2017)

Hi,

Issue with Tweaking. I am not getting the option to run Shadow Copy no matter how I launch the program. Tried launching the program with "Run as Administrator" and just opening it. I get the same result. See below.

As you said, I am probably in Administrator mode when I sign on. Should I run the backup in Fallback?










B


----------



## wannabeageek (Nov 12, 2009)

Go ahead and run the Fallback Backup Method followed by the FRST fix. Remember to "Right Mouse" click to "Run as Administrator".


----------



## BunniG (May 12, 2017)

Hi,

Ran the registry backup and got this error message. Attached the log .txt files. What are my next steps? B


----------



## wannabeageek (Nov 12, 2009)

I am looking into the Errors! issue with TCRB. It may take an extra day to get answers, so bare with me.
Thank you,
wbg


----------



## BunniG (May 12, 2017)

Hi, Thanks for the update. Waiting for your advice.

B


----------



## BunniG (May 12, 2017)

Hi

Have not heard anything since last Wednesday. Should I run the backup again?

B


----------



## wannabeageek (Nov 12, 2009)

Still working out solution details. Will post back late Tuesday or late Wednesday as it is an American Holiday weekend and some people don't work the holidays and or weekends.


----------



## BunniG (May 12, 2017)

Thank you, look forward to your analysis and potential solution.

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

Here is the fix I was verifying. FRST64 should still be on your desktop.

*Run A Fix With FRST*
Download attached *fixlist.txt* file and save it to the Desktop.
*NOTE*. It's important that both the program *FRST64.exe* and *Fixlist.txt* be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run *FRST64* and press the *FIX* button just once, and wait. *DO NOT PRESS THE SCAN BUTTON.*
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.

When finished, FRST64 will generate a log on the Desktop (*Fixlog.txt*). Please post the contents in your reply.


----------



## BunniG (May 12, 2017)

Hi,

Should I back up my registry again before running this? I may have changes since last week. Please advise.

B


----------



## wannabeageek (Nov 12, 2009)

The fix I gave you is to address this problem only. Run the fix.
Then we will address the next issue with the Volume Shadow Service.


----------



## BunniG (May 12, 2017)

Hi,

I ran the fix this morning. See the attached logs for the current scans and the fix.

What is my next step?

B


----------



## BunniG (May 12, 2017)

Hi,

The scans in my previous messages were *before *the fix. I am attaching the scans *after *the fix here.

B


----------



## wannabeageek (Nov 12, 2009)

BunniG said:


> Hi,
> 
> The scans in my previous messages were before the fix. I am attaching the scans after the fix here.
> 
> B


*Please review the instructions in post #12 I posted on page 1 of this thread with emphasis on #4.*

*You do NOT need to do a backup for this fix.
Run A Fix With FRST*
Download attached *fixlist.txt* file and save it to the Desktop.
*NOTE*. It's important that both the program *FRST64.exe* and *Fixlist.txt* be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run *FRST64* and press the *FIX* button just once, and wait. *DO NOT PRESS THE SCAN BUTTON.*
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.

When finished, FRST64 will generate a log on the Desktop (*Fixlog.txt*). Please post the contents in your reply.

Thank you,
wbg


----------



## BunniG (May 12, 2017)

Hi,

Downloaded the new Fixlist.txt and ran the fix. My Fix log is attached.

Also, reviewed the instructions in post #12 located on page 1 of this thread with emphasis on instructions in #4. Will not download any other programs or run any scans until this process is complete.

B


----------



## wannabeageek (Nov 12, 2009)

For a computer that is over 8 years old, it seems to be missing several hotfix updates. I will be in touch with more information in a day or 2 so please bare with me.
By the way, when did you get this computer?


----------



## BunniG (May 12, 2017)

Bought the computer new, so it must be 7 or 8 years old. Will try to find the papers tomorrow.

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

Sorry for the delay. Leave it to Microsoft to change the way Hotfixes are displayed, (Windows Updates).
I was expecting to see the usual 150-200 updates that used to display on the computers. that upgrade from Windows 7 to 10. I checked a few other machines to verify the change.
Please let's proceed with the process.

*Step 1.*
*Registry Backup (TCRB)* 
*TCRB should still be on your desktop - if not;*
Please download *tweaking.com_registry_backup_setup.exe*
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial *here*.

Once the program is installed...

Right mouse click the *Tweaking.com Registry Backup* icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
It should open with the *Backup Registry* tab selected and all file options checked. _Check any that are not already checked._
From the *Settings* tab, open advanced settings.








.
.
UNCHECK the Button circled in RED.








.
.
Click on *Backup Registry* Tab.
Click on *Backup Now* to create a backup of your Registry.
You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
When completed you should see a message saying something like ... *Successful ??/?? Registry Files Backed Up* ... ?? is total number of files, both numbers should match.
Close and exit the program.

* < STOP >  If you did not successfully complete this step.  < STOP >  Do not continue with any other steps, post back and let me know! *

*Step 2.
Run A Fix With FRST*
Download attached *fixlist.txt* file and save it to the Desktop.
*NOTE*. It's important that both the program *FRST64.exe* and *Fixlist.txt* be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run *FRST64* and press the *FIX* button just once, and wait. *DO NOT PRESS THE SCAN BUTTON.*
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (*Fixlog.txt*). 
Please attach the file in your next reply.


----------



## BunniG (May 12, 2017)

Hi,

Glad my issue enabled you to learn more about Hotfixes!

Ran the registry back up (no issues) and FRST64. My Fixlog.txt file is attached.

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

Good job. This is a continuous learning process and anyone that says otherwise...well...hmm...
Anyway, let's continue.

Please run the following and attach the results.

*Step 1.*
*ESET online scanner*



> NOTES:
> * You can use either Internet Explorer or Mozilla FireFox for this scan.*
> _If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select *'Run as administrator' *to perform this scan._
> If using Mozilla Firefox you will need to download *esetsmartinstaller_enu.exe* when prompted then double click on it to install
> _All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox._


*Step 1a. Download/Install*

First please *Disable* any* Antivirus * you have active, as shown in *This topic*. Scroll down to find your product.
*REMEMBER: to re-enable it after the scan.*
Next hold down Control then click on the following link to open a new window to *ESET online scanner*
Press the *Scan Now* button on the bottom left column of the page.
A popup box should open. If not, Double click on the file, "esetonlinescanner_enu.exe" in the download folder.
Select the option *Accept* Button For the Terms of Use. If prompted by UAC, please allow it. then click on *Start*.
When prompted allow the *Add-On/Active X* to install.
Click on the button: "*Enable detection of potentially unwanted applications"*
Now click on *Advanced Settings* and select the following:
*Enable detection of potentially unsafe applications*
*Enable detection of suspicious applications*
*Scan archives*
*Enable Anti-Stealth Technology*
*Make sure* that the option *Clean threats automatically* is *NOT checked.*


*Step 1b. Scan*

Now click on *Scan*.
The *virus signature database... *will begin to download. *Be patient*, this make take some time depending on the speed of your Internet Connection.
When completed the* Online Scan* will begin automatically. *Again, Be patient*. This may take some time as well depending upon the *amount of data on the drive(s) being scanned*.
When the scan is completed, click *Copy* to *clipboard* and *paste in your next post*.
Click the "*Do not clean*" text at the bottom of the window.
*Be sure you have copied and posted the log file first!*
If you would like the program removed, Check the box: *Delete application's data on close*.
Now click on *Finish*.
Close the popup for the 30-day trial by clicking the *X* at the top right corner.

*Remember to re-enable your Anti-Virus application after running the above scan!*

*Step 2.
Run a* *New* *Scan With the Farbar Scan Tool*

Right click on *FRST64.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it. When the tool opens click *Yes* to disclaimer.
Check the box for Addition.txt so it will produce that file again.
Press the Scan button.
When finished scanning, a new version of the logs FRST.txt and Addition.txt will be saved on your Desktop and opened in Notepad.
Please post the contents of both in your next replies.
Separate replies are fine.


----------



## BunniG (May 12, 2017)

Hi,

Results from the ESET online scan.

B

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir a variant of Win32/Adware.Coupons.AA application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\apn\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.2.0.crx.vir Win32/Bundled.Toolbar.Ask.P potentially unsafe application,Win32/Bundled.Toolbar.Ask.Q potentially unsafe application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashReport.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashRpt.dll.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\files\izivdgongnridpgelahbmggxoaquobwb\uninstall.exe a variant of Win32/Adware.Coupons.AA application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\ProgramData\Trivantis\Lectora Publisher\Chrome\Default\Extensions\aaaanoehjhfnnichccofiabhckegmaaj\7.15.2.0_0\background\background.js Win32/Bundled.Toolbar.Ask.P potentially unsafe application 
C:\ProgramData\Trivantis\Lectora Publisher\Chrome\Default\Extensions\aaaanoehjhfnnichccofiabhckegmaaj\7.15.2.0_0\background\popup.js Win32/Bundled.Toolbar.Ask.Q potentially unsafe application 
C:\ProgramData\Trivantis\Lectora Publisher\Chrome\Default\Extensions\aaaanoehjhfnnichccofiabhckegmaaj\7.15.2.0_0\tb_ux\options.js Win32/Bundled.Toolbar.Ask.P potentially unsafe application 
C:\Users\All Users\Trivantis\Lectora Publisher\Chrome\Default\Extensions\aaaanoehjhfnnichccofiabhckegmaaj\7.15.2.0_0\background\background.js Win32/Bundled.Toolbar.Ask.P potentially unsafe application 
C:\Users\All Users\Trivantis\Lectora Publisher\Chrome\Default\Extensions\aaaanoehjhfnnichccofiabhckegmaaj\7.15.2.0_0\background\popup.js Win32/Bundled.Toolbar.Ask.Q potentially unsafe application 
C:\Users\All Users\Trivantis\Lectora Publisher\Chrome\Default\Extensions\aaaanoehjhfnnichccofiabhckegmaaj\7.15.2.0_0\tb_ux\options.js Win32/Bundled.Toolbar.Ask.P potentially unsafe application


----------



## BunniG (May 12, 2017)

Hi,

I attached the two FRST scans run on 6-6-2017, following the ESET scan.

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

Other than WINZIP and Trivantis, your logs look clean. Unless you have a specific reason for WINZIP, I would remove it and install 7-zip. http://www.7-zip.org/ 
7-zip has more features and does not appear to trigger any malware programs that I am aware of.

A few questions:


How is the computer performing?

Did I have you run or did you run the AVG removal tool?

What is "ThreatTrack Security"?

Do you have any "Kaspersky" programs installed?

Please run the following fix. A backup is not required.


----------



## BunniG (May 12, 2017)

Hi,

In answer to your questions...


I will remove WINZIP and install 7-zip
The computer is faster, but still has a delay, most noticeably when using and editing Microsoft Office products--Word, PowerPoint
I did run the AVG removal tool per your instructions
I don't know what "ThreatTrack Security" is. Should I remove it? Can I?
I was using Kaspersky, but stopped. Is it still installed? Should I remove it?
I attached my Fixlog. Not much in it.

*What about running Hiijack This? *An analysis of a HT log helped me with problems on an older desktop. This was a long time ago.

B


----------



## wannabeageek (Nov 12, 2009)

Re-run the fix. This time make sure that you are running the FRST64 as follows: 
Right click on *FRST64.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it. When the tool opens click *Yes* to disclaimer.


----------



## BunniG (May 12, 2017)

Hi,

Should I use the fixlist.txt from last Friday or none? 

I looked at my programs list and I did not find Kaspersky or AVG on the programs list. Did you find traces of the programs?

Please advise.

B


----------



## wannabeageek (Nov 12, 2009)

Please do use the flxlist from last Friday. I will address the other issues after I get the report I need.


----------



## BunniG (May 12, 2017)

Hi,

I attached the Fixlog file I ran this morning.

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

I need to find the information necessary in order remove the offending program(s)/remnants. These are simple to run and should take no time and all.
Please run the following:

*Step 1.*
*SystemLook*

Please download *SystemLook_x64* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Right-click *SystemLook.exe* and select * " Run as administrator " *to run it... if UAC prompts, please allow it.
Copy the contents of the search.txt file into the main textfield:
Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Close the file.
Please attach this file called *SystemLook.txt* in your next reply.

*Step 2.*
*Run CKScanner*

Please download *CKScanner* from *Here*
*Important:* - Save it to your* desktop.*
Right-click *CKScanner.exe* > select * " Run as administrator " *then click *Search For Files*.
After a very short time, when the cursor hourglass disappears, click *Save List To File*.
A message box will verify the file saved. *Please Run the program only once.*
Attach the file *CKFiles.txt* in your next reply.

Thank you,
wbg


----------



## BunniG (May 12, 2017)

Hi,

Don't see any search.txt file???? Is it an attachment?

B


----------



## wannabeageek (Nov 12, 2009)

Many apologies as for reasons unknown the file did not attach to my prior post and I missed it.


----------



## BunniG (May 12, 2017)

Hi,

I attached the two scans, SystemLook and CKFiles.

What Registry cleaner can I use? I used to run the Registry cleaner with CCleaner. There were always lots of files to be deleted.

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

I am sorry this is taking so long as I am doing my best to keep from interfering with the business software installed.
Normally I/we work on home/non-business computers, so I ask you to bare with me on this.

I noticed you have a large amount of sites in the Restricted Zone in Internet Explorer. This may cause slow-down problems in some applications, including the browser itself. This is because Internet Explorer is built into the operating system.

Here is the next fix in the great scheme of things.

*Step 1.*
*Registry Backup (TCRB)* 
*TCRB should still be on your desktop - if not;*
Please download *tweaking.com_registry_backup_setup.exe*
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial *here*.

Once the program is installed...

Right mouse click the *Tweaking.com Registry Backup* icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
It should open with the *Backup Registry* tab selected and all file options checked. _Check any that are not already checked._
From the *Settings* tab, open advanced settings.








.
.
UNCHECK the Button circled in RED.








.
.
Click on *Backup Registry* Tab.
Click on *Backup Now* to create a backup of your Registry.
You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
When completed you should see a message saying something like ... *Successful ??/?? Registry Files Backed Up* ... ?? is total number of files, both numbers should match.
Close and exit the program.

* < STOP >  If you did not successfully complete this step.  < STOP >  Do not continue with any other steps, post back and let me know! *

*Step 2.
Run A Fix With FRST*
Download attached *fixlist.txt* file and save it to the Desktop.
*NOTE*. It's important that both the program *FRST64.exe* and *Fixlist.txt* be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run *FRST64* and press the *FIX* button just once, and wait. *DO NOT PRESS THE SCAN BUTTON.*
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (*Fixlog.txt*).
Please attach the file in your next reply.

*B's questions from earlier posts:*



> I run ADW all the time. Do I run that with Windows Defender on or off?


ON. It should work just fine without disabling Windows Defender.



> What Registry cleaner can I use? I used to run the Registry cleaner with CCleaner. There were always lots of files to be deleted.


None. There is no known benefit to running a registry cleaner. There is however a good deal of danger of removing a vital registry component which would corrupt the installed programs or even make your computer unbootable. Most files and entries that are removed by cleaners are temporary and would be removed anyway by the registry self maintenance.
Now, if you are an experienced programmer with an extensive knowledge of the Windows Registry Database a registry cleaner would be of use to you.


----------



## BunniG (May 12, 2017)

Hi,

Before I run the programs you suggest, I want to clarify that I am using my home computer for primarily personal and sometimes business if they don't give me a laptop.

Also, I *never *use Internet Explorer, I primarily use Firefox (default) and sometimes Chrome, so I don't know why there would be restricted sites. I have *never *put sites on a restricted list.

B


----------



## BunniG (May 12, 2017)

Hi,

Some bad news. I backed up the registry, downloaded the fixlist, and started to run FRST64. Part of the way through the fix, the computer restarted and now I cannot boot to Windows. I get a blue screen that suggests various repair options I can try. Any advice here? I'm thinking about taking the option to restore. I believe that will go to the most recent restore point. 

B


----------



## BunniG (May 12, 2017)

Hi,

Good news. I took one of the automatic repair options and everything is now running. I attached the Fixlog. Maybe you can see something there. I'm assuming the repair loaded the most recent restore point which was created before the fix started.

Should I get rid of the restricted sites in Internet Explorer? I never set them up.

B


----------



## wannabeageek (Nov 12, 2009)

Tell me how the computer is running.

What automatic repair option did you select?

Test run ALL your programs to ensure they operate and report any that do not run.


----------



## BunniG (May 12, 2017)

Hi,

Computer is till running some programs slow. For example, this site is fast, but Word and PowerPoint are slow. Internet programs are slow.

Programs that I have issues with--Visio 2013 (had to be configured) and Adobe Acrobat Reader. Had to remove it and reinstall. Still testing other programs.

Not sure which automatic repair option finally worked. I tried several and repeated some. Not sure if the computer reverted to the most recent restore point. Luckily, a restore point was created prior to running the fix.

Will test more programs tonight after work.

B


----------



## BunniG (May 12, 2017)

Hi,

I tested my programs and everything is running with the exception of Adobe Acrobat Reader which I had to delete an reinstall. Also my printer driver was missing, but I just added it and everything is printing. 

Are there any next steps? To check the computer after that failure?

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

FRST64 should still be on your desktop. Run this fix to check for any other issues withg the Operating System.

*Run A Fix With FRST*
Download attached *fixlist.txt* file and save it to the Desktop.
*NOTE*. It's important that both the program *FRST64.exe* and *Fixlist.txt* be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run *FRST64* and press the *FIX* button just once, and wait. *DO NOT PRESS THE SCAN BUTTON.*
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.

When finished, FRST64 will generate a log on the Desktop (*Fixlog.txt*). Please post the contents in your reply.


----------



## BunniG (May 12, 2017)

Hi,

I posted the Fixlog.

The computer was running very slow this morning when I tried to search for FRST64.exe using both Firefox and Chrome. After I ran the FRST64.exe Fix, I tried the the same searches in Firefox and Chrome and everything is much much faster. Approximately 4 seconds with Firefox and 3 seconds with Chrome.

B


----------



## wannabeageek (Nov 12, 2009)

How old is the hard drive in this computer?


----------



## BunniG (May 12, 2017)

The computer is seven years old and I think this is the computer where I had to replace the hard drive at six months. I've had so many computers I'm not sure. So 6 1/2? When I checked last, no issues were reported for the drive. I can check again if you want me to. Should I run CHKDSK?

B


----------



## wannabeageek (Nov 12, 2009)

I am going to post a scan using CHKDSK. What should have been a simple repeat has failed integrity.
1st time: Windows Resource Protection did not find any integrity violations.
Today: Windows Resource Protection could not perform the requested operation.


----------



## wannabeageek (Nov 12, 2009)

Ok B,

*Check Hard Disk For Errors*
Download the file, "HDCHK.txt"
Rename the extension to "bat"
Right mouse click, select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
A blank command window will open on your desktop, then close in a few minutes. This is normal. 
A file and icon named *checkhd.txt* should appear on your Desktop. 
Please attach this file in your next post.


----------



## BunniG (May 12, 2017)

Hi,

I have not responded to your latest suggestion because for work I had to download a Windows7 virtual desktop which is running, but slow. I tried to download the Windows 7 virtual desktop to my laptop instead, but I'm having errors with that and the Service Desk cannot solve my problems, so I'm stuck with it on my slow desktop.

Do you think I should still run the HDCHK.txt file? 

B


----------



## wannabeageek (Nov 12, 2009)

BunniG said:


> Hi,
> 
> Do you think I should still run the HDCHK.txt file?
> 
> B


Please, I still need to see if your computer is experiencing hard drive failure. The fact that the Windows Resource Protection failed and there are 7 updates missing from the installed updates, I want to make sure that it is not from a failing hard drive.

Also, having installed virtual desktop may complicate things. This is a very old computer, (7-8 years old), and you may have to buy a new one in order to get the performance you desire.
wbg


----------



## BunniG (May 12, 2017)

Hi,

I'm going to run HDCHK.txt on Saturday so it doesn't interfere with my project if something goes wrong and I have to buy a new computer. Might have to anyway.

B


----------



## wannabeageek (Nov 12, 2009)

Not a problem, B. Let me know how it turns out.
wbg


----------



## BunniG (May 12, 2017)

Hi,

Here's what happened.

1. I downloaded the file, HDCHK.txt, renamed to .bat and it wouldn't run, just opened the text file on the screen.
2. I read the file, went to the Command Prompt and tried to manually run the commands. See below.










Not sure what this means, "elevated mode"? Please advise

B.


----------



## BunniG (May 12, 2017)

Hi,

Screen capture from the Windows Powershell where I theoretically have rights to run this command.










B


----------



## wannabeageek (Nov 12, 2009)

Just run chkdsk and tell me what the output is.


----------



## BunniG (May 12, 2017)

Hi,

Could only run CHKDSK in Windows Powershell Admin. Here are the results. No problems but it ran a lot slower than it did on my laptop.










B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

Powershell isn't necessary for what we need to do. Also, any stray characters could trigger unwanted results.
Lets try the system scan again using the FIX from FRST.

*Run A Fix With FRST*
Download attached *fixlist.txt* file and save it to the Desktop.
*NOTE*. It's important that both the program *FRST64.exe* and *Fixlist.txt* be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run *FRST64* and press the *FIX* button just once, and wait. *DO NOT PRESS THE SCAN BUTTON.*
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.

When finished, FRST64 will generate a log on the Desktop (*Fixlog.txt*). Please post the contents in your reply.


----------



## BunniG (May 12, 2017)

Hi,

I have not completed the fix above. Will do so tomorrow.

Have another question. I ran Malwarebytes today and I keep getting the same issue infecting my computer. I read some blogs and they said this item could cause my computer to run slowly. See screen below. Please advise.

B


----------



## BunniG (May 12, 2017)

Hi,

Attached the Malwarebytes report. Just saw I could export to the results to a text file.

B


----------



## BunniG (May 12, 2017)

Forgot the attachment. Here it is.

B


----------



## wannabeageek (Nov 12, 2009)

BunniG said:


> Forgot the attachment. Here it is.
> 
> B


The files in question are quarantined. This is not the same report from the screen shot.



> Malwarebytes
> www.malwarebytes.com
> 
> -Log Details-
> ...


----------



## BunniG (May 12, 2017)

The screenshot was just a partial view of the results since May, and did not include today's scan. Should I delete the quarantined files? I saw that option.

B


----------



## wannabeageek (Nov 12, 2009)

Right now the quarantined files are of no concern to me. You never did run the fix I posted for you on Sunday, July 2nd. I am still waiting for that response.


----------



## BunniG (May 12, 2017)

Sorry, will run it now.

B


----------



## BunniG (May 12, 2017)

Hi,

I attached my fixlog.

B


----------



## wannabeageek (Nov 12, 2009)

Hi B,

FRST64 should still be on your desktop.

*Run A Fix With FRST*
Download attached *fixlist.txt* file and save it to the Desktop.
*NOTE*. It's important that both the program *FRST64.exe* and *Fixlist.txt* be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run *FRST64* and press the *FIX* button just once, and wait. *DO NOT PRESS THE SCAN BUTTON.*
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.

When finished, FRST64 will generate a log on the Desktop (*Fixlog.txt*). Please attach the file in your next reply.


----------



## BunniG (May 12, 2017)

Hi,

I attached my log.

B


----------



## wannabeageek (Nov 12, 2009)

Attach this file from your desktop: sfcdetails.txt


----------



## BunniG (May 12, 2017)

Hi, Don't see a file. Not sure what to do. Is this for someone else?

B


----------



## wannabeageek (Nov 12, 2009)

sfcdetails.txt <- This file was produced at the same time you ran the fix and should be on your desktop.


----------



## BunniG (May 12, 2017)

Hi, Just checked my desktop several times. The file is not there. ???? Was that the output from the FixList?

B


----------



## wannabeageek (Nov 12, 2009)

Run the scan again. Try this fixlist.


----------



## BunniG (May 12, 2017)

Hi, only created Fixlog.txt. No other text file.

To run DOS utilities like CHKDSK, I had to be in the Windows PowerShell.

See attached file.

B.


----------



## wannabeageek (Nov 12, 2009)

Why or what do you use powershell for?


----------



## BunniG (May 12, 2017)

When I tried to run CHKDSK manually a few weeks ago because the batch file you sent didn't work. I had to go into the PowerShell to run CHKDSK. Found this solution while researching on the Intern,et.

You had me rename a .txt file to .bat and it wouldn't run. So I looked in the text file and tried to execute the command line manually. Finally had to just run CHKDSK within the PowerShell. Just had to type it in at the prompt, but only worked in PowerShell.

B.


----------



## wannabeageek (Nov 12, 2009)

Aside from what I have asked you to do, what do you use powershell for and why are you familiar with it?


----------



## BunniG (May 12, 2017)

Hi, I am only familiar with the Windows PowerShell (Admin) because I couldn't run CHKDSK at the command prompt (or as we used to call it, the DOS prompt). So I started researching on the Internet and found some advice about using the Windows PowerShell. That didn't work either, so I tried the Windows PowerShell (Admin) and then I could run all the commands, like DIR, DIR/W, CD\, etc. I think your batch file didn't run because you have to somehow invoke the PowerShell. I looked at your text file and tried to run it manually at the command prompt and that didn't work.

Used to be I could change the file extension to .bat and run the commands in the file, but that doesn't work in this version of Windows. 

B


----------



## BunniG (May 12, 2017)

Hi,

Interested in getting your take on this issue with malware on my computer. I downloaded the free version of Malwarebytes as you mentioned you use it. Every time I run a scan, the software lists the same five issues. I quarantine them and if I run the scan again, immediately after the quarantine they are still there. Is it possible they are replicating? Hiding? Defeating the malware. See the attached logs from various time periods. They never go away. 

Do I need a rootkiller?

B.


----------



## wannabeageek (Nov 12, 2009)

Hi B,

The biggest issue you are dealing with is the basic consumer grade hardware, OUTDATED no less, with business applications that REQUIRE better hardware. To compound the issue, you have installed a virtual desktop, (Windows 7), on an operating system that already has one built in; Windows 10. Windows 10 will operate on your HP hardware at a reduced capacity - something you are very aware of - but requirements are beyond its capacity to be upgraded.

I would highly suggest uninstalling the virtual desktop.

Run ESET again, then we will deal with these malwarebyte results.

*Step 1.*
*ESET online scanner*



> NOTES:
> * You can use either Internet Explorer or Mozilla FireFox for this scan.*
> _If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select *'Run as administrator' *to perform this scan._
> If using Mozilla Firefox you will need to download *esetsmartinstaller_enu.exe* when prompted then double click on it to install
> _All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox._


*Step 1a. Download/Install*

First please *Disable* any* Antivirus * you have active, as shown in *This topic*. Scroll down to find your product.
*REMEMBER: to re-enable it after the scan.*
Next hold down Control then click on the following link to open a new window to *ESET online scanner*
Press the *Scan Now* button on the bottom left column of the page.
A popup box should open. If not, Double click on the file, "esetonlinescanner_enu.exe" in the download folder.
Select the option *Accept* Button For the Terms of Use. If prompted by UAC, please allow it. then click on *Start*.
When prompted allow the *Add-On/Active X* to install.
Click on the button: "*Enable detection of potentially unwanted applications"*
Now click on *Advanced Settings* and select the following:
*Enable detection of potentially unsafe applications*
*Enable detection of suspicious applications*
*Scan archives*
*Enable Anti-Stealth Technology*
*Make sure* that the option *Clean threats automatically* is *NOT checked.*


*Step 1b. Scan*

Now click on *Scan*.
The *virus signature database... *will begin to download. *Be patient*, this make take some time depending on the speed of your Internet Connection.
When completed the* Online Scan* will begin automatically. *Again, Be patient*. This may take some time as well depending upon the *amount of data on the drive(s) being scanned*.
When the scan is completed, click *Copy* to *clipboard* and *paste in your next post*.
Click the "*Do not clean*" text at the bottom of the window.
*Be sure you have copied and posted the log file first!*
If you would like the program removed, Check the box: *Delete application's data on close*.
Now click on *Finish*.
Close the popup for the 30-day trial by clicking the *X* at the top right corner.

*Remember to re-enable your Anti-Virus application after running the above scan!*


----------



## BunniG (May 12, 2017)

Will try this tomorrow. I wanted to run the VDI on my laptop which is only seven months old. However, I am having lots of issues running the VDI software. For some reason, when I try to enter my credentials for the token, the system will not accept me. Their Service Desk is baffled and has been trying to help me since June 22. They want to close my ticket, but I won't let them.

B


----------



## wannabeageek (Nov 12, 2009)

Pop a question here, Business Applications, about your VDI issue. There are some really sharp people here that deal with that type of problem.


----------



## BunniG (May 12, 2017)

Thank you, I will get in touch right away.

B


----------



## BunniG (May 12, 2017)

I created a thread on the business site. Will update you.


----------



## BunniG (May 12, 2017)

Hi, FYI. Cannot run the ESET online scanner tonight. Have to work. Will run it before work on Monday.

B


----------



## BunniG (May 12, 2017)

Hi,

FYI, got the virtual desktop running on my laptop. The Service Desk at work finally came through with a different version of the Horizon VDI software--and it works!

Loaded the online scan software and got this message. Stopped to consult with you. What should I choose. They must have upgraded, no Start button as in the directions.


----------



## wannabeageek (Nov 12, 2009)

The "START" was to download the database for the scan. So just skip that step and continue with the instructions as written.


----------



## BunniG (May 12, 2017)

Hi, the instructions didn't address these options. That's what I need to know. Just click Scan, ignore the options?

B


----------



## BunniG (May 12, 2017)

Hi,

Ran the ESET scan. Lots of stuff.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupons\uninstall.exe.vir a variant of Win32/Adware.Coupons.AA application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\apn\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.2.0.crx.vir Win32/Bundled.Toolbar.Ask.P potentially unsafe application,Win32/Bundled.Toolbar.Ask.Q potentially unsafe application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashReport.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashRpt.dll.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\C\Users\Susan Graye\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe.vir a variant of Win32/Adware.Mobogenie.A application 
C:\AdwCleaner\Quarantine\files\izivdgongnridpgelahbmggxoaquobwb\uninstall.exe a variant of Win32/Adware.Coupons.AA application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application 


B


----------



## BunniG (May 12, 2017)

Hi, Any feedback on the log I posted this weekend?

B


----------



## wannabeageek (Nov 12, 2009)

BunniG said:


> Hi, Any feedback on the log I posted this weekend?
> 
> B


Yes, I find it rather strange that this is the exact same report you posted back on the 6th of Jun, 2017 minus the Trivantis entries.

Did you ever uninstall WinZip?


----------



## BunniG (May 12, 2017)

Hi, yes, I saw Winzip on the list too when I reviewed the file. Is it 7-zip you prefer. I put it on my laptop, but probably didn't delete Winzip and install on the desktop. Will check the desktop and get back to you.

What about all that malware that's on my desktop. It keeps showing up after I quarantine those item.

B

B


----------



## wannabeageek (Nov 12, 2009)

BunniG said:


> Hi, yes, I saw--->>> Will check the desktop and get back to you.
> 
> B


And you were going to get back to me?


----------



## BunniG (May 12, 2017)

Hi, Winzip was still on my desktop. Took it off.

Meanwhile, I found out that my Malware issue of the same trojans appearing after every scan, even after I quarantine them is an issue on the Malwarebytes forum. Looks like it is not easy to get rid of them. Any thoughts on how to do that? They had a very convoluted solution from 2016.

B


----------



## wannabeageek (Nov 12, 2009)

BunniG said:


> Hi, Winzip was still on my desktop. Took it off.
> 
> Meanwhile, I found out that my Malware issue of the same trojans appearing after every scan, even after I quarantine them is an issue on the Malwarebytes forum. Looks like it is not easy to get rid of them. Any thoughts on how to do that? *They had a very convoluted solution from 2016.*
> 
> B


Send a PM to me with the link to this convoluted solution you speak of.


*What I from you is the logs from a MBAM scan in this order:*
The log created prior to cleaning.
The log created after cleaning.
Reboot the computer - If malwarebytes does not.
Repeat once.
This is doable as I have done it myself. *Screenshots* are *not acceptable*.
Yes, it is a hassle. But I need to see what is not getting removed.


----------



## BunniG (May 12, 2017)

Hi,

I am attaching my logs. It seems the rootkits are removed.

B


----------



## wannabeageek (Nov 12, 2009)

B,

Any more issues with the desktop?

wbg


----------



## BunniG (May 12, 2017)

Hi, Just ran Malwarebytes. No issues, so I think I'll just stop here and think about getting a new computer. Any recommendations for features?

B


----------



## wannabeageek (Nov 12, 2009)

For what you are doing, I would recommend getting a workstation desktop with an Intel Xeon Processor and minimum 16GB ECC ram.

And here is an example:
ThinkStation P Series Workstations


----------



## BunniG (May 12, 2017)

Why a Xenon and not a 7? 

Thank you for the recommendation and all your help.

B


----------



## BunniG (May 12, 2017)

I meant Xeon. Do you think Lenovo is a good brand? I think it used to be ThinkPad before they sold it--to China???

B


----------



## wannabeageek (Nov 12, 2009)

BunniG said:


> I meant Xeon. Do you think Lenovo is a good brand? I think it used to be ThinkPad before they sold it--to China???
> 
> B


*I personally believe* Lenovo is a good product. Thinkpad is a product line of Lenovo. 
I also own a Lenovo Ideapad, Acer Aspire, Asus Altec, and some others. You can't have too many computers now, can you?



BunniG said:


> Why a Xenon and not a 7?
> 
> Thank you for the recommendation and all your help.
> 
> B


You are welcome.

Reasons for the Xeon over the Core i7. If you had to start using a cad or financial program, you would have some serious issues with memory management, cpu usage, etc.. That said, Core i7 can be overclocked but the increased speed does not necessarily produce better results from a business application standpoint. Also, the Core i7 has a maximum limit of 64GB ram where as the Single or Dual Socket Xeon E5 v3 has a maximum ram limit of 768GB. And when you talk of layering operating systems the use of ram only goes up. Then there is the type of ram to use. The supporting ram used with the Core i7 is not as good as the ECC ram used with the Xeon E5 v3. ECC ram, Error Correcting Code Memory RAM (ECC RAM), will actually catch errors and fix them on the spot. A vital necessity in a business environment.
A final note here, the Core i7 is a top end chip of its class where the Xeon E5 v3 is a mid range chip of its class or family.
Think of it this way; The Core i family is for the consumer division, ie home use, gamers, amateurs, etc... the Xeon is for the professional division. The Xeon system is easier to make upgrades to where as the Core i7 system you buy a new computer as an upgrade.; kind of like what your doing now. There are many more differences in detail but this should suffice.
It also boils down to, "you get what you pay for". And, is this what you want to be doing again 5-7 years down the road?

wbg


----------



## BunniG (May 12, 2017)

Hi, thanks so much for the explanation and all your help.

B


----------

