#31  December 13th, 2017, 11:56 PM
Jerry56, Senior Member

I didn't download AVAST and am not using it.

I did download TOTAL AV but didn't install it. I did delete it.

#32  December 14th, 2017, 05:33 PM
olgun52, Malware Removal Team

Okay.

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it to the Desktop, and name it: fixlist.txt
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Step 2:

ESET Online Scanner:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Delete found harmful. Place a checkmark at Delete application's data on close, click Finish and close the program.
Don't forget to re-enable previously switched-off protection software!

#33  December 14th, 2017, 06:54 PM
Jerry56, Senior Member

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by George (14-12-2017 12:45:00) Run:9
Running from C:\Users\George\Desktop
Loaded Profiles: George & DefaultAppPool (Available Profiles: George & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3453.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3455.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3461.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3465.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3468.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3471.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3472.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3485.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3486.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3489.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\George\Downloads\IMG_3491.JPG:Updt_SummaryInformation [151]
FirewallRules: [{6C2F1F10-A6B8-4C64-B68F-7B2D22FF1BF6}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{6CF286E4-6739-4401-B755-8EE131FFD317}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
HKU\S-1-5-21-96959487-344117887-1461987557-1001\...\StartupApproved\Run: => "WeatherBuddy"
S2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8924672 2016-02-05] (SecureMix LLC)
c:\programdata\glasswire\service\glasswire.db
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
C:\EEK
C:\Users\George\Documents\TotalAV
C:\Users\George\AppData\Roaming\TotalAV
CMD: ipconfig /flushdns
Emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\George\Downloads\IMG_3453.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3453.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3455.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3455.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3461.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3461.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3465.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3465.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3468.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3468.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3471.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3471.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3472.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3472.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3485.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3485.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3486.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3486.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3489.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3489.JPG => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3491.JPG => ":SummaryInformation" ADS could not remove.
C:\Users\George\Downloads\IMG_3491.JPG => ":Updt_SummaryInformation" ADS could not remove.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C2F1F10-A6B8-4C64-B68F-7B2D22FF1BF6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CF286E4-6739-4401-B755-8EE131FFD317} => value removed successfully
HKU\S-1-5-21-96959487-344117887-1461987557-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\WeatherBuddy => value removed successfully
HKU\S-1-5-21-96959487-344117887-1461987557-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WeatherBuddy => value not found.
"HKLM\System\CurrentControlSet\Services\GlassWire" => removed successfully
GlassWire => service removed successfully
c:\programdata\glasswire\service\glasswire.db => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc" => removed successfully
C:\EEK => moved successfully
C:\Users\George\Documents\TotalAV => moved successfully
C:\Users\George\AppData\Roaming\TotalAV => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9986048 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4285234 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 7192078 B
Edge => 56832 B
Chrome => 0 B
Firefox => 19659987 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
George => 70658020 B
DefaultAppPool => 0 B

RecycleBin => 5052782 B
EmptyTemp: => 111.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:45:39 ====

#34  December 14th, 2017, 10:34 PM
Jerry56, Senior Member

I still can't turn on Windows Defender; also the computer is still slow getting on the internet.

The ESET scan finished and didn't find any threats. I copied the log; see below.

Log
Version of detection engine: 16573 (20171214)
Date: 12/14/2017 Time: 1:08:52 PM
Scanned disks, folders and files: C:\
C:\hiberfil.sys - unable to open [4]
C:\pagefile.sys - unable to open [4]
C:\Program Files (x86)\Garmin\Express\Awesomium.Core.dll » DOTNETREACTOR - archive damaged
C:\Program Files (x86)\Garmin\Express\Awesomium.Windows.Controls.dll » DOTNETREACTOR - archive damaged
C:\ProgramData\Microsoft\Network\Downloader\edb.log - unable to open [4]
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db - unable to open [4]
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm - unable to open [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx - unable to open [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - unable to open [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm - unable to open [4]
C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat - unable to open [4]
C:\swapfile.sys - unable to open [4]
C:\System Volume Information\{2611f5dc-df92-11e7-9c61-001e4fc94be3}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{2fe22a15-dac1-11e7-9c55-001e4fc94be3}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{73407811-d8fe-11e7-9c53-001e4fc94be3}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{7ecf41a3-dd0a-11e7-9c58-001e4fc94be3}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{7ecf41cb-dd0a-11e7-9c58-001e4fc94be3}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{7ecf41e8-dd0a-11e7-9c58-001e4fc94be3}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{a476c1d7-d878-11e7-9c50-001e4fc94be3}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\Users\George\AppData\Local\Microsoft\Windows\Notifications\WPNPRMRY.tmp - unable to open [4]
C:\Users\George\AppData\Local\Microsoft\Windows\UsrClass.dat - unable to open [4]
C:\Users\George\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - unable to open [4]
C:\Users\George\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - unable to open [4]
C:\Users\George\AppData\Local\Microsoft\Windows\WebCache\V01.log - unable to open [4]
C:\Users\George\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat - unable to open [4]
C:\Users\George\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm - unable to open [4]
C:\Users\George\AppData\Local\Microsoft\Windows\WebCacheLock.dat - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.LOG1 - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.LOG2 - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1 - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2 - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1 - unable to open [4]
C:\Users\George\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2 - unable to open [4]
C:\Users\George\AppData\Local\TileDataLayer\Database\EDB.log - unable to open [4]
C:\Users\George\AppData\Local\TileDataLayer\Database\vedatamodel.edb - unable to open [4]
C:\Users\George\AppData\Local\TileDataLayer\Database\vedatamodel.jfm - unable to open [4]
C:\Users\George\Downloads\AdbDriverInstaller.exe » CAB » Microsoft Kernel-Mode Driver Framework Install-v1.9-Vista.msu - archive damaged - the file could not be extracted.
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/bg-close-program.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/bg-download-bar-empty.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/bg-download-bar-error.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/bg-download-bar-full.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/bg-header-error.gif - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/button-center-highlight.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/button-center.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/button-left-highlight.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/button-left.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/button-right-highlight.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/button-right.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/icon-blank.gif - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/icon-complete-error.gif - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/icon-complete.gif - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/icon-error.png - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » images/logo-adobe.gif - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » interop/downloader.dll - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/cn.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/cs.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/da.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/de.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/en-us.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/es.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/fi.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/fr.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/hr.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/hu.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/it.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/ja.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/ko.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/nl.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/no.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/pl.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/pt.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/ro.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/ru.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/sk.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/sl.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/sv.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/tr.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/tw.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » locale/ua.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » util/gccheck.exe - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » util/gtbcheck.exe - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » app.config.xml - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » compact.min.js - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » environment.json - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » logo.ico - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » mainwindow.config.xml - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » mainwindow.css - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » mainwindow.html - error - password-protected file
C:\Users\George\Downloads\flash_setup.exe » ZIP » workflow.json - error - password-protected file
C:\Users\George\NTUSER.DAT - unable to open [4]
C:\Users\George\ntuser.dat.LOG1 - unable to open [4]
C:\Users\George\ntuser.dat.LOG2 - unable to open [4]
C:\Windows\appcompat\Programs\Amcache.hve - unable to open [4]
C:\Windows\appcompat\Programs\Amcache.hve.LOG1 - unable to open [4]
C:\Windows\appcompat\Programs\Amcache.hve.LOG2 - unable to open [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - unable to open [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - unable to open [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - unable to open [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - unable to open [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - unable to open [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - unable to open [4]
C:\Windows\System32\catroot2\edb.log - unable to open [4]
C:\Windows\System32\catroot2\edbtmp.log - unable to open [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - unable to open [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm - unable to open [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - unable to open [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm - unable to open [4]
C:\Windows\System32\config\BBI - unable to open [4]
C:\Windows\System32\config\BBI.LOG1 - unable to open [4]
C:\Windows\System32\config\BBI.LOG2 - unable to open [4]
C:\Windows\System32\config\DEFAULT - unable to open [4]
C:\Windows\System32\config\DEFAULT.LOG1 - unable to open [4]
C:\Windows\System32\config\DEFAULT.LOG2 - unable to open [4]
C:\Windows\System32\config\RegBack\DEFAULT - unable to open [4]
C:\Windows\System32\config\RegBack\SAM - unable to open [4]
C:\Windows\System32\config\RegBack\SECURITY - unable to open [4]
C:\Windows\System32\config\RegBack\SOFTWARE - unable to open [4]
C:\Windows\System32\config\RegBack\SYSTEM - unable to open [4]
C:\Windows\System32\config\SAM - unable to open [4]
C:\Windows\System32\config\SAM.LOG1 - unable to open [4]
C:\Windows\System32\config\SAM.LOG2 - unable to open [4]
C:\Windows\System32\config\SECURITY - unable to open [4]
C:\Windows\System32\config\SECURITY.LOG1 - unable to open [4]
C:\Windows\System32\config\SECURITY.LOG2 - unable to open [4]
C:\Windows\System32\config\SOFTWARE - unable to open [4]
C:\Windows\System32\config\SOFTWARE.LOG1 - unable to open [4]
C:\Windows\System32\config\SOFTWARE.LOG2 - unable to open [4]
C:\Windows\System32\config\SYSTEM - unable to open [4]
C:\Windows\System32\config\SYSTEM.LOG1 - unable to open [4]
C:\Windows\System32\config\SYSTEM.LOG2 - unable to open [4]
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Notifications\WPNPRMRY.tmp - unable to open [4]
Number of scanned objects: 226284
Number of threats found: 0
Time of completion: 4:10:44 PM Total scanning time: 10912 sec (03:01:52)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
When I log on to the internet, ESET security had 22 messages. I only noted one, as seen below, but they are of a similar kind:
ADDRESS HAS BEEN BLOCK
URL ADDRESS
http:ak.imgfarm.com/images/anx/ancmore-1.2.7.js
IP 23.36.32.17

Last edited by Jerry56; December 14th, 2017 at 10:39 PM.
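
An added example (not part of the original posts): a short Python triage of an ESET Online Scanner text log in the layout posted above. It separates objects that were only locked by the running system (note [4]) from archives the scanner could not look inside, which the "Number of threats found" line does not cover. The sample lines, paths and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above (paths are made up).
SAMPLE_LOG = r"""Log
Version of detection engine: 16573 (20171214)
Scanned disks, folders and files: C:\
C:\pagefile.sys - unable to open [4]
C:\Windows\System32\config\SAM - unable to open [4]
C:\Example\Vendor\lib.dll » DOTNETREACTOR - archive damaged
C:\Users\Example\Downloads\setup.exe » ZIP » util/check.exe - error - password-protected file
C:\Users\Example\Downloads\setup.exe » ZIP » locale/de.json - error - password-protected file
C:\Users\Example\Downloads\drv.exe » CAB » kmdf.msu - archive damaged - the file could not be extracted.
Number of scanned objects: 226284
Number of threats found: 0
"""

OBJECT_LINE = re.compile(r"^[A-Za-z]:\\")  # object lines start with a drive path
SUMMARY = re.compile(r"^Number of (scanned objects|threats found):\s*(\d+)")


def classify(status):
    """Map the status text after ' - ' to a coarse category."""
    s = status.lower()
    if s.startswith("unable to open"):
        return "locked"              # in use by the OS or another application
    if "password-protected" in s:
        return "password_protected"  # archive member could not be inspected
    if "archive damaged" in s:
        return "archive_damaged"     # archive could not be unpacked
    return "other"                   # anything else: read the line manually


def triage(log_text):
    """Return summary counters and per-category {container: object count}."""
    by_status = defaultdict(lambda: defaultdict(int))
    result = {"scanned": None, "threats": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SUMMARY.match(line)
        if m:
            key = "scanned" if m.group(1).startswith("scanned") else "threats"
            result[key] = int(m.group(2))
            continue
        if not OBJECT_LINE.match(line) or " - " not in line:
            continue  # header, note or blank line
        # Assumption: the object path itself contains no " - " sequence.
        obj, status = line.split(" - ", 1)
        container = obj.split(" » ")[0]  # outer file that holds the member
        by_status[classify(status)][container] += 1
    result["by_status"] = {k: dict(v) for k, v in by_status.items()}
    return result


def needs_review(result):
    """Files whose contents were not fully inspected (locked files excluded)."""
    skipped = set()
    for category, containers in result["by_status"].items():
        if category != "locked":
            skipped.update(containers)
    return sorted(skipped)


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("threats reported:", r["threats"], "of", r["scanned"], "objects")
    for category, containers in sorted(r["by_status"].items()):
        print(category, sum(containers.values()))
    for path in needs_review(r):
        print("not fully inspected:", path)
```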

#35  December 14th, 2017, 11:14 PM
Jerry56, Senior Member

Should I delete the items that were downloaded to the desktop?

The PC is showing that Windows 10 version 1709 is available, but each time I try to update it I get the following message: "We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet."

Last edited by Jerry56; December 15th, 2017 at 01:56 AM.

#36  December 15th, 2017, 02:28 PM
olgun52, Malware Removal Team

Quote:
Originally Posted by Jerry56
Should I delete the items that were downloaded to the desktop?

The PC is showing that Windows 10 version 1709 is available, but each time I try to update it I get the following message: "We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet."
Quote:
I still can't turn on Windows Defender; also the computer is still slow getting on the internet.
Quote:
When I log on to the internet, ESET security had 22 messages. I only noted one, as seen below, but they are of a similar kind:
ADDRESS HAS BEEN BLOCK
URL ADDRESS
http:ak.imgfarm.com/images/anx/ancmore-1.2.7.js
IP 23.36.32.17

http:ak.imgfarm.com ===> https://www.virustotal.com/tr/url/fd...is/1502863945/
This information is from Ask.com. It may be caused by the software you have installed. I have not seen it in your reports before. But we must clean it.

First of all, let's try to repair. Then try updating your operating system again.

Windows Repair (All in One):
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the tweaking.com_windows_repair_aio_setup icon
  • Continually click Next, then Finish
  • If you are running in Safe Mode click OK on the Warning screen
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 5 and click Create under System Restore, then Backup under Registry Backup
  • Go to the Repairs tab and click Open Repairs
  • Place a checkmark in the following boxes and uncheck everything else:
      Reset Registry Permissions
      Reset File Permissions
      Reset Service Permissions
      Register System Files

      Remove Policies Set By Infections
      Unhide Non System Files
      Repair File Associations
      Restore Important Windows Services
      Set Windows Services To Default Startup

      Repair WMI
      Repair Windows Firewall
      Repair Internet Explorer
      Repair MDAC & MS Jet
      Repair Hosts File
      Repair Icons
      Repair Winsock & DNS Cache
      Repair Proxy Settings
      Unhide Non System Files
      Repair Windows Updates
      Repair CD/DVD Missing/Not Working
  • Click on box next to the Restart/Shutdown System when Finished
  • Click on Restart System
  • Click on Start Repairs
  • Your computer will reboot upon completion
  • Using Windows Explorer navigate to the following file
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
  • Copy and paste (or attach if necessary) the contents of the log in your reply

#37  December 15th, 2017, 07:40 PM
Jerry56, Senior Member

I was able to download Windows 10 version 1709 manually. Should I try to install it now, or should I follow your instruction first?

Also the antivirus I am using is the 30 days trial of ESET Internet security which was automatically installed when I did the online scan.

#38  December 15th, 2017, 08:32 PM
olgun52, Malware Removal Team

Quote:
Originally Posted by Jerry56
I was able to download Windows 10 version 1709 manually. Should I try to install it now, or should I follow your instruction first?

Also the antivirus I am using is the 30 days trial of ESET Internet security which was automatically installed when I did the online scan.

Did you run Windows Repair? Just update your operating system. Follow the update instructions.

For Eset; I just wanted you to run ESET Online Scanner. ESET Internet security can cause problems.

#39  December 16th, 2017, 07:59 AM
Jerry56, Senior Member

I updated the PC and deleted ESET Internet Security and am now using Windows Defender.

#40  December 16th, 2017, 08:46 PM
olgun52, Malware Removal Team

Quote:
Originally Posted by Jerry56
I updated the PC and deleted ESET Internet Security and am now using Windows Defender.

Perfect.

Please do the following for the Ask.com issue.

Step 1:
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step 2:
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Have a nice day.

#41  December 16th, 2017, 11:56 PM
Jerry56, Senior Member

# AdwCleaner 7.0.5.0 - Logfile created on Sat Dec 16 22:54:38 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-15-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C10].txt - [2208 B] - [2016/9/10 19:8:46]
C:/AdwCleaner/AdwCleaner[C11].txt - [2819 B] - [2016/12/18 22:18:14]
C:/AdwCleaner/AdwCleaner[C1].txt - [2145 B] - [2016/5/8 13:5:51]
C:/AdwCleaner/AdwCleaner[C2].txt - [2261 B] - [2016/8/2 21:39:32]
C:/AdwCleaner/AdwCleaner[C5].txt - [2111 B] - [2015/9/3 21:35:30]
C:/AdwCleaner/AdwCleaner[C6].txt - [2944 B] - [2015/9/6 17:2:11]
C:/AdwCleaner/AdwCleaner[C7].txt - [18976 B] - [2015/11/7 17:39:27]
C:/AdwCleaner/AdwCleaner[C8].txt - [1125 B] - [2015/11/24 17:21:13]
C:/AdwCleaner/AdwCleaner[C9].txt - [2809 B] - [2015/12/23 17:58:34]
C:/AdwCleaner/AdwCleaner[S10].txt - [2375 B] - [2016/9/10 19:8:24]
C:/AdwCleaner/AdwCleaner[S11].txt - [2521 B] - [2016/9/22 17:1:30]
C:/AdwCleaner/AdwCleaner[S12].txt - [2611 B] - [2016/10/22 17:6:42]
C:/AdwCleaner/AdwCleaner[S13].txt - [2843 B] - [2016/12/15 18:9:5]
C:/AdwCleaner/AdwCleaner[S14].txt - [2732 B] - [2016/12/18 22:13:21]
C:/AdwCleaner/AdwCleaner[S1].txt - [2108 B] - [2016/5/8 13:3:21]
C:/AdwCleaner/AdwCleaner[S2].txt - [1795 B] - [2016/5/11 16:45:53]
C:/AdwCleaner/AdwCleaner[S3].txt - [1874 B] - [2016/5/29 17:13:31]
C:/AdwCleaner/AdwCleaner[S4].txt - [4457 B] - [2015/8/12 0:27:4]
C:/AdwCleaner/AdwCleaner[S5].txt - [3897 B] - [2015/9/3 21:34:1]
C:/AdwCleaner/AdwCleaner[S6].txt - [4778 B] - [2015/9/6 17:0:8]
C:/AdwCleaner/AdwCleaner[S7].txt - [18008 B] - [2015/11/7 17:37:32]
C:/AdwCleaner/AdwCleaner[S8].txt - [1020 B] - [2015/11/24 17:19:46]
C:/AdwCleaner/AdwCleaner[S9].txt - [829 B] - [2015/12/23 17:53:32]


########## EOF - C:\AdwCleaner\AdwCleaner[S14].txt ##########
Reply With Quote
  #42  
Old December 17th, 2017, 12:05 AM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 1,121
Thumbs up

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by George (Administrator) on Sat 12/16/2017 at 17:58:57.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~




File System: 0


user_pref(browser.startup.homepage, hxxp://www.excite.com/);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~
Scan was completed on Sat 12/16/2017 at 18:01:34.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~
Reply With Quote
  #43  
Old December 17th, 2017, 08:11 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Is your ask.com (http:ak.imgfarm.com) issue still there?
Reply With Quote
  #44  
Old December 17th, 2017, 11:30 PM
Jerry56 Jerry56 is offline
Senior Member
 
Join Date: Jul 2007
Posts: 1,121
Thumbs up

I don't see (http:ak.imfarm.com) again. I only used to see it when using ESET Internet Security.

The Internet is still slow; sometimes I get the following message: "Hmm. We’re having trouble finding that site.

We can’t connect to the server at navigator-lxa.mail.com.
If that address is correct, here are three other things you can try:

Try again later.
Check your network connection.
If you are connected but behind a firewall, check that Firefox has permission to access the Web."
Reply With Quote
  #45  
Old December 18th, 2017, 02:00 AM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
This problem can be caused by proxy settings and Windows Firewall. I am not sure if Complete Internet Repair will help solve this problem. Maybe your proxy settings could hurt.
=====================

Did you use Bytefence software so far?

===================================================
Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
Code:
rootCert.pfx;Ionic.Zip.dll;TRUSTED.WEB.PROXY.DLL;f6a641ac642b4dc69c694d1ff32f30c1_1.exe
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;
Reply With Quote
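A read-only way to check the proxy settings that post #45 suspects, as an added example that is not part of the original thread. The registry key, the `netsh` command and the Firefox `prefs.js` location are the standard Windows and Firefox ones; the function name `Get-ProxyAudit` is made up for this example.

```powershell
# Added example (not from the thread): read-only audit of proxy configuration.
# It changes nothing and needs no elevation.
function Get-ProxyAudit {
    $rows = @()

    # 1. Per-user WinINET settings (Internet Options). Firefox follows these
    #    when it is set to "Use system proxy settings".
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
        if ($null -ne $inet -and $null -ne $inet.$name) {
            $rows += [pscustomobject]@{ Source = 'WinINET (HKCU)'; Setting = $name; Value = $inet.$name }
        }
    }

    # 2. Machine-wide WinHTTP proxy, used by Windows services.
    $winhttp = (netsh winhttp show proxy | Out-String).Trim()
    $rows += [pscustomobject]@{ Source = 'WinHTTP'; Setting = 'netsh winhttp show proxy'; Value = $winhttp }

    # 3. Firefox profiles: prefs.js only records network.proxy.* values that
    #    differ from the defaults, so any hit here was set explicitly.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $profiles) {
        Get-ChildItem -Path $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
            Select-String -Pattern 'user_pref\("(network\.proxy\.[^"]+)",\s*(.+)\);' |
            ForEach-Object {
                $rows += [pscustomobject]@{
                    Source  = "Firefox ($($_.Path | Split-Path -Parent | Split-Path -Leaf))"
                    Setting = $_.Matches[0].Groups[1].Value
                    Value   = $_.Matches[0].Groups[2].Value
                }
            }
    }
    $rows
}

$audit = Get-ProxyAudit
$audit | Format-Table -AutoSize -Wrap

# A proxy that is switched on and points at this machine means a local program
# sits between the browser and the network; identify it before removing the setting.
$enabled = $audit | Where-Object { $_.Setting -eq 'ProxyEnable' -and $_.Value -eq 1 }
$server  = $audit | Where-Object { $_.Setting -eq 'ProxyServer' }
if ($enabled -and $server.Value -match '127\.0\.0\.1|localhost') {
    Write-Warning "System proxy is enabled and points to the local machine: $($server.Value)"
}
```

An empty WinINET section together with "Direct access (no proxy server)" from WinHTTP and no `network.proxy.*` lines means no proxy is configured at any of the three layers.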