General Check up after viruses found

  • Jaymie1989
    PCHF Member
    • May 2017
    • 53

    #1


    Hi,

    Just a general check up after ADW Cleaner and MBAM found viruses.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2017
    Ran by User (administrator) on USER-PC (16-09-2017 17:18:29)
    Running from C:\Users\User\Downloads
    Loaded Profiles: User (Available Profiles: User)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-89516438-2981426202-1575652177-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9855192 2017-09-07] (Piriform Ltd)
    HKU\S-1-5-18...\Run: [KSS] => “C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe” autorun

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip..\Interfaces{54D1A28F-5F1E-440D-BD54-B4A46862681B}: [NameServer] 8.8.8.8
    Tcpip..\Interfaces{54D1A28F-5F1E-440D-BD54-B4A46862681B}: [DhcpNameServer] 8.8.8.8
    Tcpip..\Interfaces{6C0FD1C6-3145-4497-BD6C-45D5D3D96C33}: [NameServer] 8.8.8.8
    Tcpip..\Interfaces{6C0FD1C6-3145-4497-BD6C-45D5D3D96C33}: [DhcpNameServer] 192.168.1.254
    Tcpip..\Interfaces{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
    Internet Explorer:
    HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-89516438-2981426202-1575652177-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-89516438-2981426202-1575652177-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=eheeVruXEZLj8wekyorwBw&gws_rd=ssl
    FireFox:
    FF DefaultProfile: 1y9dlr0s.default
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1y9dlr0s.default [2017-09-16]
    FF Plugin: @microsoft.com/GENUINE → disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-16] (Google Inc.)
    Chrome:
    CHR StartupUrls: Default → “hxxp://www.google.com/
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-09-16]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-22]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-22]
    CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-22]
    CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-22]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-22]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
    S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-16] (Malwarebytes)
    S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
    S3 tsusbhub; system32\drivers\tsusbhub.sys
    S3 VGPU; System32\drivers\rdvgkmd.sys

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-16 17:18 - 2017-09-16 17:20 - 000007386 _____ C:\Users\User\Downloads\FRST.txt
    2017-09-16 17:17 - 2017-09-16 17:18 - 000000000 ____D C:\FRST
    2017-09-16 17:16 - 2017-09-16 17:17 - 002398720 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
    2017-09-16 17:11 - 2017-04-27 23:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
    2017-09-16 17:11 - 2017-04-12 14:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
    2017-09-16 16:48 - 2017-09-16 16:48 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
    2017-09-16 16:48 - 2017-09-16 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
    2017-09-16 16:48 - 2017-09-16 16:48 - 000000000 ____D C:\Program Files (x86)\WinDirStat
    2017-09-16 16:44 - 2017-09-16 16:44 - 000267672 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-09-16 16:42 - 2017-09-16 16:42 - 000058016 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-09-16 16:40 - 2017-09-16 16:40 - 000000085 _____ C:\Windows\wininit.ini
    2017-09-16 16:40 - 2017-09-16 16:40 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2017-09-16 16:37 - 2017-09-16 16:37 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-09-16 16:37 - 2017-09-16 16:37 - 000000000 ____D C:\Program Files\CCleaner
    2017-09-16 10:51 - 2017-09-16 16:39 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2017-09-16 10:48 - 2017-09-16 16:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-09-16 10:48 - 2017-09-16 16:40 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-09-16 10:46 - 2017-09-16 10:46 - 000000000 ____D C:\Windows\pss
    2017-08-30 13:23 - 2017-08-30 13:23 - 000993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
    2017-08-30 13:23 - 2017-08-30 13:23 - 000987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
    2017-08-30 13:23 - 2017-08-30 13:23 - 000690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
    2017-08-30 13:23 - 2017-08-30 13:23 - 000485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-16 17:18 - 2009-07-14 06:13 - 000782430 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-16 17:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
    2017-09-16 17:13 - 2010-01-01 19:01 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-09-16 17:13 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-16 17:13 - 2009-07-14 05:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-16 17:13 - 2009-07-14 05:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-16 17:06 - 2010-01-02 00:53 - 000000000 ____D C:\Windows\erdnt
    2017-09-16 17:04 - 2016-01-23 19:00 - 000766740 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-09-16 16:39 - 2010-01-01 19:01 - 000000000 ____D C:\Program Files (x86)\Steam
    2017-09-16 16:38 - 2010-01-02 06:57 - 000000000 ____D C:\Windows\Panther
    2017-09-16 16:19 - 2010-01-02 02:36 - 000000000 ____D C:\AdwCleaner
    2017-09-16 10:35 - 2016-01-22 08:58 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-09-16 10:35 - 2016-01-22 08:58 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-08-24 12:27 - 2010-01-01 19:01 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys

    ==================== Files in the root of some directories =======

    2016-02-11 14:45 - 2015-12-13 14:45 - 000000032 ____R () C:\ProgramData\hash.dat
    Files to move or delete:
    C:\ProgramData\hash.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-03-31 08:48

    ==================== End of FRST.txt ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2017
    Ran by User (16-09-2017 17:21:57)
    Running from C:\Users\User\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) (2010-01-01 22:03:51)
    Boot Mode: Normal

    ==================== Accounts: =============================

    Administrator (S-1-5-21-89516438-2981426202-1575652177-500 - Administrator - Disabled)
    Guest (S-1-5-21-89516438-2981426202-1575652177-501 - Limited - Disabled)
    User (S-1-5-21-89516438-2981426202-1575652177-1000 - Administrator - Enabled) => C:\Users\User

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    CCleaner (HKLM...\CCleaner) (Version: 5.34 - Piriform)
    Google Chrome (HKLM-x32...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
    Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32...{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
    Malwarebytes version 3.2.2.2029 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32...{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek WLAN Driver (HKLM-x32...{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
    Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Sims™ 3 (HKLM...\Steam App 47890) (Version: - The Sims Studio)
    TOSHIBA Wireless LAN Indicator (HKLM-x32...{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
    WinDirStat 1.1.2 (HKU\S-1-5-21-89516438-2981426202-1575652177-1000...\WinDirStat) (Version: - )
    WinZip 20.0 (HKLM...{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
    ContextMenuHandlers1: [WinZip] → {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
    ContextMenuHandlers2: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
    ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
    ContextMenuHandlers4: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
    ContextMenuHandlers4: [WinZip] → {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
    ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-04-05] (Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
    ContextMenuHandlers6: [WinZip] → {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {021E162C-EDA6-468C-9DD2-28996F336D9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
    Task: {1104C839-6310-4BB9-B27D-60655EDA3A1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe → /RefreshConfigAndContent
    Task: {1104C839-6310-4BB9-B27D-60655EDA3A1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
    Task: {29AD3F05-A353-4C69-9241-88D14FF6385C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
    Task: {2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe → /ScheduleUpgradeReminderTime
    Task: {2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
    Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe → /RefreshConfig
    Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe → /RefreshContent
    Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
    Task: {E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe → /RefreshConfig
    Task: {E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
    Task: {F64345A0-5CAA-487D-A7F0-969CA1EF36DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2011-04-05 03:18 - 2011-04-05 03:18 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2017-04-07 08:41 - 2017-04-07 08:41 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1 [114]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2010-01-02 01:23 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-89516438-2981426202-1575652177-1000\Control Panel\Desktop\Wallpaper → C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
    MSCONFIG\startupreg: Steam => “C:\Program Files (x86)\Steam\steam.exe” -silent

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{E4E50140-5E14-4A1F-9C4B-75AA24C496C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3AEE08F1-97D8-4BB6-B676-7435A42241A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{E8C5C7B9-2B03-47A4-B48C-FFEB0EB5750A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{113EB4B3-D2EE-418D-9B56-CC7F7500D9D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{91CE1043-D8E1-4C25-B99D-96F00CE5937C}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
    FirewallRules: [UDP Query User{F7E20652-4750-4A63-A81D-989F64522FF0}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
    FirewallRules: [TCP Query User{3DF8FB50-9CD5-4E6C-BAB1-ACB3F6586743}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{243CC3E7-DCB6-4225-A129-F30B512228BF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [{8A301A8A-AE4E-4DF5-9E45-578EBF56B2D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    16-09-2017 17:08:46 Windows Modules Installer
    16-09-2017 17:10:51 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

    ==================== Event log errors: =========================
    Application errors:
    Error: (09/16/2017 04:45:45 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (09/16/2017 04:45:45 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (09/16/2017 04:45:45 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (09/16/2017 04:45:45 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)

    Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: The Windows Search Service cannot load the property store information.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

    Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
    Description: The Windows Search Service cannot open the Jet property store.

    Details:
    0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

    Error: (09/16/2017 04:45:41 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: Windows (2148) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00115.log.

    System errors:
    Error: (09/16/2017 05:13:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (09/16/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (09/16/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.

    Error: (09/16/2017 04:44:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (09/16/2017 04:43:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UPnP Device Host service failed to start due to the following error:
    The service did not start due to a logon failure.

    Error: (09/16/2017 04:43:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (09/16/2017 04:43:56 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error “1069” attempting to start the service upnphost with arguments “” in order to run the server:
    {204810B9-73B2-11D4-BF42-00B0D0118B56}
    CodeIntegrity:
    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz
    Percentage of memory in use: 51%
    Total physical RAM: 4007.98 MB
    Available physical RAM: 1948.33 MB
    Total Virtual: 8014.17 MB
    Available Virtual: 6255.59 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.95 GB) (Free:4.38 GB) NTFS
    Drive f: () (Removable) (Total:14.45 GB) (Free:14.28 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C95BC1DE)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 14.5 GB) (Disk ID: 76F55E53)
    Partition 1: (Active) - (Size=14.4 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=32 KB) - (Type=21)

    ==================== End of Addition.txt ============================
    aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
    Run date: 2017-09-16 17:26:27
    17:26:27.496 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:26:27.496 Number of processors: 2 586 0x2A07
    17:26:27.496 ComputerName: USER-PC UserName: User
    17:26:34.150 Initialize success
    17:26:34.210 VM: initialized successfully
    17:26:34.210 VM: Intel CPU virtualization not supported
    17:28:21.799 AVAST engine defs: 17030301
    17:30:33.935 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
    17:30:33.935 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
    17:30:34.125 Disk 0 MBR read successfully
    17:30:34.135 Disk 0 MBR scan
    17:30:34.215 Disk 0 Windows 7 default MBR code
    17:30:34.255 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:30:34.315 Disk 0 default boot code
    17:30:34.345 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
    17:30:34.515 Disk 0 scanning C:\Windows\system32\drivers
    17:30:54.970 Service scanning
    17:31:33.438 Modules scanning
    17:31:33.768 Disk 0 trace - called modules:
    17:31:33.778 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    17:31:33.788 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa80046ed3e0]
    17:31:33.788 3 CLASSPNP.SYS[fffff8800115143f] → nt!IofCallDriver → [0xfffffa800415b0d0]
    17:31:33.788 5 ACPI.sys[fffff88000f5d7a1] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004189060]
    17:31:35.490 AVAST engine scan C:\Windows
    17:31:37.418 AVAST engine scan C:\Windows\system32
    17:37:57.780 AVAST engine scan C:\Windows\system32\drivers
    17:38:35.074 AVAST engine scan C:\Users\User
    17:44:30.564 AVAST engine scan C:\ProgramData
    17:45:01.503 Disk 0 statistics 3056540/0/0 @ 2.33 MB/s
    17:45:01.513 Scan finished successfully
    17:47:00.927 Disk 0 MBR has been saved successfully to “C:\Users\User\Desktop\MBR.dat”
    17:47:00.937 The log file has been saved successfully to “C:\Users\User\Desktop\aswMBR.txt”
  • system
    PCHF Owner
    • Jan 2015
    • 7634

    #2
    Hello Jaymie,
    First thing is you do not have any antivirus app running on your machine, so that is an open door to anything malicious. Please attend to installing or at least enabling a full time antivirus. Would recommend uninstalling your currently disabled security. There are plenty of good ones out there for free such as Avast, 360 Total, Avira etc.

    Secondly your hard drive is almost full and this will prevent Windows from operating efficiently. You should remove or relocate unwanted/unused data from your C: drive.

    We will need a log from AdwCleaner for further information.

    Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

    Once downloaded to the desktop AdwCleaner will create an icon.

    Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

    Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

    AdwCleaner will open, click the scan button to start searching.


    The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the “Clean” button.


    After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

    When the computer restarts a log file will be displayed, but if it's closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[C#].txt (The C denotes the Clean log)


    Please Copy and Paste the contents of the log file with your next reply.

    We now need to run Junkware Removal Tool (JRT) on your computer, please go HERE and download it to your DESKTOP.
    Before running JRT ensure your antivirus, and any other security software is disabled, if you are unsure how to do this please ask. Also close browsers and other applications before running this tool.
    Should you receive any User Account Control (UAC) alert warning when starting JRT you can safely allow it.

    Right click the JRT desktop icon and select “run as administrator” from the menu, for XP users just double click the icon. JRT will open with a simple interface, and ask to press any keyboard key to continue. Please do so.



    Depending on the amount of data on your computer JRT may take some time to complete the scan. When JRT finishes a .txt file will be saved and displayed on your desktop, please COPY and PASTE the contents of this file in your next post.


    • Jaymie1989
      PCHF Member
      • May 2017
      • 53

      #3
      Thanks for your reply. I have installed Avast.
      AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 17 17:23:03 2017
      Updated on 2017/29/08 by Malwarebytes
      Running on Windows 7 Ultimate (X64)
      Mode: clean
      Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services deleted.

      ***** [ Folders ] *****

      Deleted: C:\Program Files\e64b5f6d2eee67dc2fc2c18b94e108be

      ***** [ Files ] *****

      No malicious files deleted.

      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      No malicious tasks deleted.

      ***** [ Registry ] *****

      No malicious registry entries deleted.

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries deleted.


      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0


      C:/AdwCleaner/AdwCleaner[C0].txt - [2128 B] - [2010/1/2 1:38:24]
      C:/AdwCleaner/AdwCleaner[S0].txt - [2117 B] - [2010/1/2 1:38:10]
      C:/AdwCleaner/AdwCleaner[S1].txt - [1535 B] - [2017/9/16 15:19:2]
      C:/AdwCleaner/AdwCleaner[S2].txt - [1193 B] - [2017/9/17 17:22:8]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
      Code:
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Ultimate x64 
      Ran by User (Administrator) on 17/09/2017 at 18:51:01.24
      File System: 9

      Successfully deleted: C:\Windows\wininit.ini (File)
      Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5N1QHZCN (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFCUQGQQ (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8261M7R (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5TZG2PA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5N1QHZCN (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFCUQGQQ (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8261M7R (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5TZG2PA (Temporary Internet Files Folder)

      Registry: 0
      Scan was completed on 17/09/2017 at 18:59:28.31
      End of JRT log


      • system
        PCHF Owner
        • Jan 2015
        • 7634

        #4
        From the latest log.
        Originally posted by Jaymie1989
        Name: SM Bus Controller
        Description: SM Bus Controller
        Class Guid:
        Manufacturer:
        Service:
        Problem: : The drivers for this device are not installed. (Code 28)
        - This message from your log is indicative of not having your chipset drivers installed. Looking in Device manager may also confirm this. If the case please only get the drivers from your motherboard/PC manufacturer.
        - Also have you addressed the serious shortage of free disc space?

        Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click “Save File” and then “OK”


        Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.


        To run the fix right click the FRST icon and choose “Run as Administrator” then click on “Fix”


        Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the “Fixlist.txt” file you created will be renamed “Fixlog.txt”

        Please COPY and PASTE the contents of this new file in your next post 🙂


        • Jaymie1989
          PCHF Member
          • May 2017
          • 53

          #5
          Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
          Ran by User (18-09-2017 14:13:04) Run:1
          Running from C:\Users\User\Downloads
          Loaded Profiles: User (Available Profiles: User)
          Boot Mode: Normal
          fixlist content:


          Start
          CreateRestorepoint:
          CloseProcesses:
          FF Plugin: @microsoft.com/GENUINE → disabled [No File]
          FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
          S3 Synth3dVsc; System32\drivers\synth3dvsc.sys
          S3 tsusbhub; system32\drivers\tsusbhub.sys
          S3 VGPU; System32\drivers\rdvgkmd.sys
          Task: {021E162C-EDA6-468C-9DD2-28996F336D9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
          Task: {1104C839-6310-4BB9-B27D-60655EDA3A1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe → /RefreshConfigAndContent
          Task: {1104C839-6310-4BB9-B27D-60655EDA3A1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
          Task: {2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe → /ScheduleUpgradeReminderTime
          Task: {2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
          Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe → /RefreshConfig
          Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe → /RefreshContent
          Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
          Task: {E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe → /RefreshConfig
          Task: {E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
          FirewallRules: [TCP Query User{3DF8FB50-9CD5-4E6C-BAB1-ACB3F6586743}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
          FirewallRules: [UDP Query User{243CC3E7-DCB6-4225-A129-F30B512228BF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
          FirewallRules: [{8A301A8A-AE4E-4DF5-9E45-578EBF56B2D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Windows\System32\Tasks\Safer-Networking
          C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
          C:\Windows\system32\GWX
          C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
          C:\ProgramData\TEMP1B5B4F1 [114]
          C:\ProgramData\hash.dat
          EmptyTemp:
          Hosts:
          Reboot:
          End


          Restore point was successfully created.
          Processes closed successfully.
          HKLM\Software\MozillaPlugins@microsoft.com/GENUINE => key removed successfully
          HKLM\Software\Wow6432Node\MozillaPlugins@microsoft.com/GENUINE => key removed successfully
          HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully
          Synth3dVsc => service removed successfully
          HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully
          tsusbhub => service removed successfully
          HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
          VGPU => service removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{021E162C-EDA6-468C-9DD2-28996F336D9C} => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{021E162C-EDA6-468C-9DD2-28996F336D9C} => key removed successfully
          C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key removed successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1104C839-6310-4BB9-B27D-60655EDA3A1B} => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1104C839-6310-4BB9-B27D-60655EDA3A1B} => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe => key not found.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} => key not found.
          HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\TCP Query User{3DF8FB50-9CD5-4E6C-BAB1-ACB3F6586743}C:\program files (x86)\kodi\kodi.exe => value removed successfully
          HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\UDP Query User{243CC3E7-DCB6-4225-A129-F30B512228BF}C:\program files (x86)\kodi\kodi.exe => value removed successfully
          HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{8A301A8A-AE4E-4DF5-9E45-578EBF56B2D2} => value removed successfully
          C:\Windows\System32\Tasks\Safer-Networking => moved successfully
          “C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx” => not found.
          “C:\Windows\system32\GWX” => not found.
          “C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers” => not found.
          “C:\ProgramData\TEMP1B5B4F1 [114]” => not found.
          C:\ProgramData\hash.dat => moved successfully
          C:\Windows\System32\Drivers\etc\hosts => moved successfully
          Hosts restored successfully.

          =========== EmptyTemp: ==========

          BITS transfer queue => 8388608 B
          DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3180449 B
          Java, Flash, Steam htmlcache => 23589052 B
          Windows/system/drivers => 2999604 B
          Edge => 0 B
          Chrome => 101376 B
          Firefox => 1910071 B
          Opera => 0 B

          Temp, IE cache, history, cookies, recent:
          Users => 0 B
          Default => 0 B
          Public => 0 B
          ProgramData => 0 B
          systemprofile => 33253 B
          systemprofile32 => 33253 B
          LocalService => 0 B
          NetworkService => 450560 B
          User => 54018593 B

          RecycleBin => 0 B
          EmptyTemp: => 90.3 MB temporary data Removed.

          ================================

          The system needed a reboot.

          ==== End of Fixlog 14:13:34 ====

          I’m sorting out the chipset drivers and a storage space.


          • system
            PCHF Owner
            • Jan 2015
            • 7634

            #6
            Originally posted by Jaymie1989
            I’m sorting out the chipset drivers and a storage space.
            Hi Jaymie, Suggest if you attend to the above your computer should be good to go. Please advise if there are any issues?


            • Jaymie1989
              PCHF Member
              • May 2017
              • 53

              #7
              Hi Gus,

              All seems good. No issues.

              Thank you.


              • system
                PCHF Owner
                • Jan 2015
                • 7634

                #8
                You are welcome. You can remove the tools we used by following this guide.

                Please go HERE and download Delfix. Save it to your desktop.
                Right click the new Delfix desktop icon and then click “run as administrator”
                Place a tick in the following checkboxes
                1. Remove disinfection tools
                2. Create registry backup
                3. Purge system restore
                4. Then select “Run”

                Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop.
