Author Topic: EMERGENCY!!!  (Read 19657 times)

Offline Moses

  • Full Member
  • ***
  • Posts: 153
Re: EMERGENCY!!!
« Reply #30 on: August 09, 2017, 04:13:49 PM »
Here is the ADDITION LOG:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by Me (09-08-2017 19:57:01)
Running from C:\Users\Me\Desktop\Repair
Windows 7 Home Premium Service Pack 1 (X64) (2017-07-31 12:37:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2293580261-1291186321-2028678180-500 - Administrator - Disabled)
Guest (S-1-5-21-2293580261-1291186321-2028678180-501 - Limited - Disabled)
Me (S-1-5-21-2293580261-1291186321-2028678180-1000 - Administrator - Enabled) => C:\Users\Me

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
cCloud (HKLM\...\{CF6C1B06-4F86-4C41-BD21-9E40500006B5}) (Version: 3.0.8.84 - COMODO)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
E-Z Contact Book version 4.4.0.10 (HKLM-x32\...\{1B758D8A-B999-45AD-B7AA-14D10FDC19D2}_is1) (Version: 4.4.0.10 - Dmitri Karshakevich)
GeekBuddy (HKLM-x32\...\{DF554A50-ABE5-4091-A1E9-2D2E7E5254B7}) (Version: 4.18.122 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\{A7A76FD6-91B5-3C7F-B37D-DFDA03F5FBAE}) (Version: 60.0.3112.90 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 13.3.3 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.3.3 - KLCP)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7680 - Realtek Semiconductor Corp.)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Web Companion (HKLM-x32\...\{fc670cce-6b59-4859-9e76-d138cff15924}) (Version: 3.2.1705.3235 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-02] (AVAST Software)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-02] (AVAST Software)
ContextMenuHandlers1: [COMODOBackupUtility] -> {FA66022E-2FE4-4A29-916C-84A0D8173FBB} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-04] (Alexander Roshal)
ContextMenuHandlers2: [COMODOBackupUtility] -> {FA66022E-2FE4-4A29-916C-84A0D8173FBB} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-02] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [COMODOBackupUtility] -> {FA66022E-2FE4-4A29-916C-84A0D8173FBB} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-02] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A5CB1B-6E8C-4063-AB19-50085DBE3783} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-02] (Google Inc.)
Task: {0668A67A-807F-40E3-897C-5E628C9CAD9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-02] (Google Inc.)
Task: {13C170A4-1489-4112-AD5F-9AD22EFD06F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {1CE3E195-CF64-4C94-922B-096108302EBA} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {2EBA72C6-84B7-42C3-A5DB-AB5D2E8B8CFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {7DA3353F-F707-4FDB-B9AC-8D25A57669AA} - System32\Tasks\{A370589A-2F81-4005-A949-A5EFD4F307A0} => C:\Windows\system32\pcalua.exe -a "C:\Users\Me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBF4FI20\wlsetup-web.exe" -d C:\Users\Me\Desktop
Task: {C5A241AE-DA09-40B9-B2B5-10352836E66A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-07-07] ()
Task: {E320DE47-8530-413B-9451-6CE3D796B314} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-08-02] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Me\Favorites newest\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Me\Favorites\Links\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-07-31 15:46 - 2015-05-26 20:50 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-08-03 10:38 - 2014-09-03 14:53 - 001508032 _____ () C:\Program Files\COMODO\COMMON\LIBEAY32.dll
2017-08-03 10:38 - 2014-09-03 14:53 - 000338112 _____ () C:\Program Files\COMODO\COMMON\SSLEAY32.dll
2017-08-02 09:51 - 2017-08-05 21:26 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-08-02 09:51 - 2017-08-05 21:26 - 000017000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-08-02 09:51 - 2017-08-05 21:26 - 000036456 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2017-08-08 08:29 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-02 11:07 - 2017-08-02 11:07 - 000162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-08-02 11:08 - 2017-08-02 11:08 - 000831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-08-02 11:08 - 2017-08-02 11:08 - 000276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-08-02 11:08 - 2017-08-02 11:08 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-08-02 11:08 - 2017-08-02 11:08 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-08-02 11:08 - 2017-08-02 11:08 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-08-08 21:03 - 2017-08-08 21:03 - 005894008 _____ () C:\Program Files\AVAST Software\Avast\defs\17080802\algo.dll
2017-08-02 11:08 - 2017-08-02 11:08 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-08-04 09:10 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-08-04 09:10 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-08-04 09:10 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-08-04 09:10 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-08-02 11:08 - 2017-08-02 11:08 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-08-02 11:08 - 2017-08-02 11:08 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-08-05 21:26 - 2017-08-05 21:26 - 000108648 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2017-08-02 09:51 - 2017-08-05 21:26 - 000110696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2017-08-02 09:51 - 2017-08-05 21:26 - 000313448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2017-08-02 09:51 - 2017-08-05 21:26 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2017-06-20 11:28 - 2017-06-20 11:28 - 001997792 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2293580261-1291186321-2028678180-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2293580261-1291186321-2028678180-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2293580261-1291186321-2028678180-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Me\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.100.102.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EF651684-AC77-47F6-BF86-C56EC4E61557}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B9D14F09-09A9-46EB-9EC6-F456B71071A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{29E0DB68-4E3C-418B-B3CD-DF83492EC828}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7F4137AF-3157-46D9-BEB7-280A2455D4D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A8293969-6983-4743-90BC-F32754D1C5EE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FD9AA708-B483-4441-92DC-D3C7B66A2239}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{76D88DC1-0818-4C8A-AAD6-C3197785DDB7}] => (Allow) LPort=2869
FirewallRules: [{D2DFE459-1A60-4770-B9F8-3E94587F5E4C}] => (Allow) LPort=1900
FirewallRules: [{25616596-68B8-4B46-A91D-9AEE5B6F2563}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6AC80DBE-13FA-4FF6-92CA-49F4007D3686}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{451D4929-A555-4CF5-9FEC-3967A6FA8BD6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{9FE8B913-197E-47EC-819D-752C8DD3C4A1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{EADEEC8D-592C-4A75-8B3E-E6CD3E74B438}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{6FB7AB05-A4EA-4F07-B479-610B884B9EA3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{41BA4218-E108-4AB6-A78D-4D3C9D33AE65}] => (Allow) LPort=5357
FirewallRules: [{A7C1A9DD-358A-42C3-8E71-A6EA31558F4E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0887FBD3-129E-45B5-A0C3-87F1F46C72EA}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{625AB7A0-7191-4770-8DD2-E24899338B8B}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{7FE9B846-3A01-4F09-B34C-81568946C831}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{7879008A-E20A-4019-8360-61ED79F6F706}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{EC1747BC-90B5-4208-B585-79FC26206391}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{74DBAF03-7436-45D6-87BA-BF41A3FC2D8C}] => (Allow) C:\Users\Public\Desktop\AnyDesk.exe
FirewallRules: [{CD0E990E-2907-4603-A2F9-1D37E159CE85}] => (Allow) C:\Program Files\COMODO\cCloud\cCloud.exe
FirewallRules: [{3838C265-CBEB-498F-97CF-B95D9EEC69BF}] => (Allow) C:\Program Files\COMODO\cCloud\cCloud.exe
FirewallRules: [{CE6DDBE4-FCB6-4A62-B23E-855E4BB42BE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-08-2017 07:58:41 Removed Foxit PhantomPDF
08-08-2017 12:37:52 Installed DirectX
08-08-2017 12:38:40 Installed DirectX
09-08-2017 10:13:21 Windows Update
09-08-2017 15:57:49 Removed HP Officejet Pro 6830 Basic Device Software
09-08-2017 18:17:42 Removed HP Officejet Pro 6830 Basic Device Software
09-08-2017 18:19:18 Removed HP Officejet Pro 6830 Basic Device Software
09-08-2017 18:20:57 Removed Microsoft Office Professional Plus 2013
09-08-2017 18:21:12 PROPLUS
09-08-2017 19:31:01 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
09-08-2017 19:32:12 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
09-08-2017 19:37:41 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
09-08-2017 19:38:18 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
09-08-2017 19:43:03 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2017 07:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/09/2017 03:48:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/09/2017 03:38:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/09/2017 12:57:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/09/2017 07:26:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/08/2017 11:19:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: PC-9898)
Description: Product: Adobe Acrobat Reader DC - Update 'Adobe Acrobat Reader DC
 (17.012.20093)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/08/2017 11:19:05 PM) (Source: MsiInstaller) (EventID: 11722) (User: PC-9898)
Description: Product: Adobe Acrobat Reader DC -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action InstallWebResources, location: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe, command: 17.012.20093 17.009.20058.0

Error: (08/08/2017 03:49:36 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/08/2017 03:49:36 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/08/2017 03:49:35 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (08/09/2017 07:12:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/09/2017 07:12:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/09/2017 07:12:11 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/09/2017 07:12:11 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/09/2017 03:47:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:46:27 PM on 8/9/2017 was unexpected.

Error: (08/09/2017 03:33:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (08/09/2017 01:02:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/09/2017 10:12:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (08/09/2017 09:36:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/09/2017 09:36:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 92%
Total physical RAM: 1948.42 MB
Available physical RAM: 136.78 MB
Total Virtual: 3896.84 MB
Available Virtual: 1811.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:186.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DC809A13)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Offline Moses

  • Full Member
  • ***
  • Posts: 153
Re: EMERGENCY!!!
« Reply #31 on: August 09, 2017, 04:32:50 PM »
Another question just came to me:

Before I had my Windows 7 reinstallation, I had Kaspersky with a license.
Now they gave me Avast Free. Is this any good? Should I keep it?

I'm not sure how my Kaspersky allowed this mess to happen in the first place
and I am sure there are probably bits and pieces of it still left here and there in my computer as a result of the backup they did.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19231
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: EMERGENCY!!!
« Reply #32 on: August 09, 2017, 06:43:06 PM »
Antivirus choices are often personal preference.  I've seen older reports of Avast using a lot of memory.  The best way to determine that is to check Task Manager.  Press the Ctrl, Alt and Del keys simultaneously and click on the Processes tab.  Clicking on CPU should sort both the highest use of CPU and Memory to the top.  Take a screen capture and post it with your next reply.

As to how Kaspersky allowed the mess to happen, it is possible you came across something that wasn't in detection yet.  However, it is also possible that you tried to install some program without first scanning, ignored or missed a warning from the various other security programs installed (WebCompanion, Site Advisor, Spybot).  More than likely, however, it could very well have been due to outdated, vulnerable Java.  You currently have Java 8 Update 25 installed.  The latest version is Update 141. 

Since very few programs need Java any longer, I strongly suggest you consider uninstalling it.  If you decide to keep it, you need to update it to the latest version:  Download link:  Java SE 8u141.  Be sure to UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines.  Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
2017-08-07 14:11 - 2017-08-08 08:06 - 000000000 ____D C:\Users\Me\AppData\Roaming\Foxit Software
2017-08-07 14:11 - 2017-08-08 08:06 - 000000000 ____D C:\ProgramData\Foxit Software
2017-08-07 14:10 - 2017-08-07 14:10 - 000000000 ____D C:\Users\Public\Foxit Software
2017-08-02 10:09 - 2017-08-09 17:59 - 000000000 ____D C:\Program Files\KMSpico
2017-08-02 09:39 - 2017-08-09 18:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
FirewallRules: [{EF651684-AC77-47F6-BF86-C56EC4E61557}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B9D14F09-09A9-46EB-9EC6-F456B71071A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{29E0DB68-4E3C-418B-B3CD-DF83492EC828}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7F4137AF-3157-46D9-BEB7-280A2455D4D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Moses

Re: EMERGENCY!!!
« Reply #33 on: August 09, 2017, 07:05:40 PM »
Here is the screen of my task manager memory

Offline Moses

Re: EMERGENCY!!!
« Reply #34 on: August 09, 2017, 07:30:47 PM »
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by Me (09-08-2017 23:09:39) Run:1
Running from C:\Users\Me\Desktop\Repair
Loaded Profiles: Me (Available Profiles: Me)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
2017-08-07 14:11 - 2017-08-08 08:06 - 000000000 ____D C:\Users\Me\AppData\Roaming\Foxit Software
2017-08-07 14:11 - 2017-08-08 08:06 - 000000000 ____D C:\ProgramData\Foxit Software
2017-08-07 14:10 - 2017-08-07 14:10 - 000000000 ____D C:\Users\Public\Foxit Software
2017-08-02 10:09 - 2017-08-09 17:59 - 000000000 ____D C:\Program Files\KMSpico
2017-08-02 09:39 - 2017-08-09 18:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
FirewallRules: [{EF651684-AC77-47F6-BF86-C56EC4E61557}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B9D14F09-09A9-46EB-9EC6-F456B71071A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{29E0DB68-4E3C-418B-B3CD-DF83492EC828}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7F4137AF-3157-46D9-BEB7-280A2455D4D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => key removed successfully
C:\Users\Me\AppData\Roaming\Foxit Software => moved successfully
C:\ProgramData\Foxit Software => moved successfully
C:\Users\Public\Foxit Software => moved successfully
C:\Program Files\KMSpico => moved successfully
C:\Program Files (x86)\Microsoft Office => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF651684-AC77-47F6-BF86-C56EC4E61557} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9D14F09-09A9-46EB-9EC6-F456B71071A2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29E0DB68-4E3C-418B-B3CD-DF83492EC828} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F4137AF-3157-46D9-BEB7-280A2455D4D9} => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55197440 B
Java, Flash, Steam htmlcache => 4156 B
Windows/system/drivers => 18602381 B
Edge => 0 B
Chrome => 149820841 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 1248 B
Me => 622574387 B

RecycleBin => 276388 B
EmptyTemp: => 815.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:12:16 ====
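
A helper reviewing a posted Fixlog usually wants to confirm that every item reported success before moving on to cleanup. The following is an added example (not part of the original posts and not FRST's own code) that parses the result section of a Fixlog; the function name is an assumption, and the sample log is constructed from lines in this thread plus one hypothetical "not found" line.

```python
import re

# Constructed sample: lines copied from the Fixlog in this thread, plus one
# hypothetical non-success line ("Example Folder") to exercise the review path.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files\KMSpico
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
C:\Program Files\KMSpico => moved successfully
C:\ProgramData\Example Folder => not found
=========== EmptyTemp: ==========
Chrome => 149820841 B
EmptyTemp: => 815.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 23:12:16 ====
"""

def review_fixlog(text):
    """Return per-item outcomes, items needing review, and reboot/temp info."""
    stars = 0
    in_results = False
    results, report = [], {"reboot_required": False, "temp_removed": None}
    for line in (raw.strip() for raw in text.splitlines()):
        if re.fullmatch(r"\*{5,}", line):
            stars += 1
            in_results = stars == 2      # results follow the echoed fixlist
        elif line.startswith("==="):
            in_results = False           # EmptyTemp statistics or end marker
        elif in_results and " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results.append((target, outcome, outcome.endswith("successfully")))
        elif line.startswith("EmptyTemp: =>"):
            report["temp_removed"] = line.split("=>", 1)[1].strip()
        elif line == "The system needed a reboot.":
            report["reboot_required"] = True
    report["results"] = results
    report["needs_review"] = [(t, o) for t, o, ok in results if not ok]
    return report

if __name__ == "__main__":
    print(review_fixlog(SAMPLE_FIXLOG)["needs_review"])
```

Lines in the echoed fixlist and in the EmptyTemp statistics also contain "=>", which is why the parser only reads results between the second row of asterisks and the next "===" divider.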

Offline Moses

Re: EMERGENCY!!!
« Reply #35 on: August 09, 2017, 07:37:50 PM »
Corrine:

1) I saw that you had removed "left over" parts of Foxit PDF software. I did have a license for this program and probably will re-download it (unless you say otherwise).

2) If you believe that Avast is using too much memory, then please help me with uninstalling it and cleaning up the mess before I re-download the Kaspersky program.

3) The memory usage test I did was with my Skype program turned off (it is usually on all of the time) if this makes a difference.

Thank you for your help so far!


Offline Corrine

Re: EMERGENCY!!!
« Reply #36 on: August 09, 2017, 07:48:57 PM »
Actually, the sort didn't show the memory as I expected.  Please open Task Manager again and this time click on Memory.  Post that image for me, please.  That should give us an idea if it is using a lot of memory.

As to Foxit PDF, no problem.  I had seen the restore point you created before uninstalling it and when I saw remnants added them to the script.  Just be careful if you do reinstall it to watch for "unwanted extras" (pre-checked programs added with it). 

What did you decide to do about Java?



Offline Moses

Re: EMERGENCY!!!
« Reply #37 on: August 09, 2017, 07:57:15 PM »
....so strange.  I just began to type "task man...." and my computer screen went blank. Then I heard the computer get quiet and then start up again. Don't know what happened.

I will try again to type task manager.

As far as Java, I updated it but if you are sure by uninstalling it I will have no problems taking into account my programs on this Windows 7 etc. I would prefer to do so. Better than having something else that constantly needs updating.

Offline Moses

Re: EMERGENCY!!!
« Reply #38 on: August 09, 2017, 08:07:01 PM »
Task Manager Memory:

Offline Moses

Re: EMERGENCY!!!
« Reply #39 on: August 09, 2017, 08:11:16 PM »
Task Manager Memory Continuation:

Offline Moses

Re: EMERGENCY!!!
« Reply #40 on: August 09, 2017, 08:14:37 PM »
Task Manager Memory Final:

Offline Corrine

Re: EMERGENCY!!!
« Reply #41 on: August 09, 2017, 09:07:23 PM »
Did you notice the bottom corner of Task Manager -- it is showing Memory 54% so that is down significantly. 

Regarding Java, if a program needs it to run, you will be prompted to install it.  I have never had Java installed on this 2008 PC and haven't needed it. I definitely don't miss having to update it.  :)

As to processes, adding the various Avast-related processes I picked out, it appears that the MBAM service may be using more memory than Avast.  Since you installed it at my request, you can uninstall it if you wish, although a better option would be when the trial of the Pro version runs out, keep the free version, update it weekly to scan your computer.  It is my favorite antimalware application.  I've used it since the very beginning (well, and actually recall when it was being developed.  :D )

You mentioned Skype earlier.  Personally, I don't like a lot of programs in start-up, especially if they aren't used regularly. 

I do suggest you consider removing GeekBuddy as it is known to use high resources.  If you need help, see How to remove COMODO GeekBuddy (Windows Removal Guide)

Let me know what you decide and then I'll provide instructions for removing the tools we used.



Offline Moses

Re: EMERGENCY!!!
« Reply #42 on: August 10, 2017, 04:11:30 AM »
I tried uninstalling Geek Buddy and this is what I got:

Offline Moses

Re: EMERGENCY!!!
« Reply #43 on: August 10, 2017, 04:22:01 AM »
Also,  should I keep this Spybot program?

I was looking for something to remove all of the daily tracking things that I pick up on websites. I think they slow me down.

Offline Moses

Re: EMERGENCY!!!
« Reply #44 on: August 10, 2017, 05:00:41 AM »
Oh, another question:

Can you please give me which sites are reliable for downloading freeware and which for sure I should stay away from?

Thanks