Solved General Check up after virus' found

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Status
Not open for further replies.
J

Jaymie1989

PCHF Member
May 22, 2017
53
5
35
Hi,

Just a general check up after ADW Cleaner and MBAM found virus'

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2017
Ran by User (administrator) on USER-PC (16-09-2017 17:18:29)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-89516438-2981426202-1575652177-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9855192 2017-09-07] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{54D1A28F-5F1E-440D-BD54-B4A46862681B}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{54D1A28F-5F1E-440D-BD54-B4A46862681B}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{6C0FD1C6-3145-4497-BD6C-45D5D3D96C33}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6C0FD1C6-3145-4497-BD6C-45D5D3D96C33}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-89516438-2981426202-1575652177-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-89516438-2981426202-1575652177-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=eheeVruXEZLj8wekyorwBw&gws_rd=ssl

FireFox:
========
FF DefaultProfile: 1y9dlr0s.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1y9dlr0s.default [2017-09-16]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-16] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-09-16]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-22]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-22]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-16] (Malwarebytes)
S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-16 17:18 - 2017-09-16 17:20 - 000007386 _____ C:\Users\User\Downloads\FRST.txt
2017-09-16 17:17 - 2017-09-16 17:18 - 000000000 ____D C:\FRST
2017-09-16 17:16 - 2017-09-16 17:17 - 002398720 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-09-16 17:11 - 2017-04-27 23:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-09-16 17:11 - 2017-04-12 14:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-09-16 16:48 - 2017-09-16 16:48 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-09-16 16:48 - 2017-09-16 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-09-16 16:48 - 2017-09-16 16:48 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2017-09-16 16:44 - 2017-09-16 16:44 - 000267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-16 16:42 - 2017-09-16 16:42 - 000058016 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-16 16:40 - 2017-09-16 16:40 - 000000085 _____ C:\Windows\wininit.ini
2017-09-16 16:40 - 2017-09-16 16:40 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-09-16 16:37 - 2017-09-16 16:37 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-16 16:37 - 2017-09-16 16:37 - 000000000 ____D C:\Program Files\CCleaner
2017-09-16 10:51 - 2017-09-16 16:39 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-09-16 10:48 - 2017-09-16 16:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-09-16 10:48 - 2017-09-16 16:40 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-16 10:46 - 2017-09-16 10:46 - 000000000 ____D C:\Windows\pss
2017-08-30 13:23 - 2017-08-30 13:23 - 000993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-16 17:18 - 2009-07-14 06:13 - 000782430 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-16 17:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-16 17:13 - 2010-01-01 19:01 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-16 17:13 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-16 17:13 - 2009-07-14 05:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-16 17:13 - 2009-07-14 05:45 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-16 17:06 - 2010-01-02 00:53 - 000000000 ____D C:\Windows\erdnt
2017-09-16 17:04 - 2016-01-23 19:00 - 000766740 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-16 16:39 - 2010-01-01 19:01 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-16 16:38 - 2010-01-02 06:57 - 000000000 ____D C:\Windows\Panther
2017-09-16 16:19 - 2010-01-02 02:36 - 000000000 ____D C:\AdwCleaner
2017-09-16 10:35 - 2016-01-22 08:58 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-16 10:35 - 2016-01-22 08:58 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-24 12:27 - 2010-01-01 19:01 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2016-02-11 14:45 - 2015-12-13 14:45 - 000000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-31 08:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2017
Ran by User (16-09-2017 17:21:57)
Running from C:\Users\User\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2010-01-01 22:03:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-89516438-2981426202-1575652177-500 - Administrator - Disabled)
Guest (S-1-5-21-89516438-2981426202-1575652177-501 - Limited - Disabled)
User (S-1-5-21-89516438-2981426202-1575652177-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
WinDirStat 1.1.2 (HKU\S-1-5-21-89516438-2981426202-1575652177-1000\...\WinDirStat) (Version: - )
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-04-05] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-26] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021E162C-EDA6-468C-9DD2-28996F336D9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
Task: {1104C839-6310-4BB9-B27D-60655EDA3A1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {1104C839-6310-4BB9-B27D-60655EDA3A1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
Task: {29AD3F05-A353-4C69-9241-88D14FF6385C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
Task: {E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
Task: {F64345A0-5CAA-487D-A7F0-969CA1EF36DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-04-05 03:18 - 2011-04-05 03:18 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-04-07 08:41 - 2017-04-07 08:41 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [114]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2010-01-02 01:23 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-89516438-2981426202-1575652177-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E4E50140-5E14-4A1F-9C4B-75AA24C496C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3AEE08F1-97D8-4BB6-B676-7435A42241A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E8C5C7B9-2B03-47A4-B48C-FFEB0EB5750A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{113EB4B3-D2EE-418D-9B56-CC7F7500D9D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{91CE1043-D8E1-4C25-B99D-96F00CE5937C}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{F7E20652-4750-4A63-A81D-989F64522FF0}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{3DF8FB50-9CD5-4E6C-BAB1-ACB3F6586743}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{243CC3E7-DCB6-4225-A129-F30B512228BF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{8A301A8A-AE4E-4DF5-9E45-578EBF56B2D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-09-2017 17:08:46 Windows Modules Installer
16-09-2017 17:10:51 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2017 04:45:45 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/16/2017 04:45:45 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/16/2017 04:45:45 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/16/2017 04:45:45 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/16/2017 04:45:41 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (09/16/2017 04:45:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (2148) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00115.log.


System errors:
=============
Error: (09/16/2017 05:13:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (09/16/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/16/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (09/16/2017 04:44:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (09/16/2017 04:43:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/16/2017 04:43:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/16/2017 04:43:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}


CodeIntegrity:
===================================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz
Percentage of memory in use: 51%
Total physical RAM: 4007.98 MB
Available physical RAM: 1948.33 MB
Total Virtual: 8014.17 MB
Available Virtual: 6255.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:4.38 GB) NTFS
Drive f: () (Removable) (Total:14.45 GB) (Free:14.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C95BC1DE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 76F55E53)
Partition 1: (Active) - (Size=14.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32 KB) - (Type=21)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-09-16 17:26:27
-----------------------------
17:26:27.496 OS Version: Windows x64 6.1.7601 Service Pack 1
17:26:27.496 Number of processors: 2 586 0x2A07
17:26:27.496 ComputerName: USER-PC UserName: User
17:26:34.150 Initialize success
17:26:34.210 VM: initialized successfully
17:26:34.210 VM: Intel CPU virtualization not supported
17:28:21.799 AVAST engine defs: 17030301
17:30:33.935 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:30:33.935 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
17:30:34.125 Disk 0 MBR read successfully
17:30:34.135 Disk 0 MBR scan
17:30:34.215 Disk 0 Windows 7 default MBR code
17:30:34.255 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:30:34.315 Disk 0 default boot code
17:30:34.345 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
17:30:34.515 Disk 0 scanning C:\Windows\system32\drivers
17:30:54.970 Service scanning
17:31:33.438 Modules scanning
17:31:33.768 Disk 0 trace - called modules:
17:31:33.778 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:31:33.788 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046ed3e0]
17:31:33.788 3 CLASSPNP.SYS[fffff8800115143f] -> nt!IofCallDriver -> [0xfffffa800415b0d0]
17:31:33.788 5 ACPI.sys[fffff88000f5d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004189060]
17:31:35.490 AVAST engine scan C:\Windows
17:31:37.418 AVAST engine scan C:\Windows\system32
17:37:57.780 AVAST engine scan C:\Windows\system32\drivers
17:38:35.074 AVAST engine scan C:\Users\User
17:44:30.564 AVAST engine scan C:\ProgramData
17:45:01.503 Disk 0 statistics 3056540/0/0 @ 2.33 MB/s
17:45:01.513 Scan finished successfully
17:47:00.927 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
17:47:00.937 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
 
Hello Jaymie,
First thing is you do not have any antivirus app running on your machine, so that is an open door to anything malicious. Please attend to installing or at least enabling a full time antivirus, Would recommend uninstalling your currently disabled security. There are plenty of good ones out there for free such as Avast, 360 Total, Avira etc.

Secondly your hard drive is almost full and this will prevent Windows from operating efficiently. You should remove or relocate unwanted/unused data from your C: drive.

We will need a log from AdwCleaner for further information.

Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

Once downloaded to the desktop AdwCleaner will create an icon
eEGkHPS.jpg


Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.

hBYSf6z.jpg


The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the "Clean" button.

ftC2WaB.jpg


After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if its closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[C#].txt (The C denotes the Clean log)

jr9Bx9h.jpg


Please Copy and Paste the contents of the log file with your next reply.:thumbsup:

We now need to run Junkware Removal Tool (JRT) on your computer, please go HERE and download it to your DESKTOP.
Before running JRT ensure your antivirus, and any other security software is disabled, if you are unsure how to do this please ask. Also close browsers and other applications before running this tool.
Should you receive any User Account Control (UAC) alert warning when starting JRT you can safely allow it.

Right click the JRT desktop icon
fam7djI.jpg
and select "run as administrator" from the menu, for XP users just double click the icon. JRT will open with a simple interface, and ask to press any keyboard key to continue. Please do so.

B7AebVQ.jpg


Depending on the amount of data on your computer JRT may take some time to complete the scan. When JRT finishes a .txt file will be saved and displayed on your desktop, please COPY and PASTE the contents of this file in your next post:)
 
Last edited:
  • Like
Reactions: Malnutrition
Thanks for your reply. I have installed Avast.

# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 17 17:23:03 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files\e64b5f6d2eee67dc2fc2c18b94e108be


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2128 B] - [2010/1/2 1:38:24]
C:/AdwCleaner/AdwCleaner[S0].txt - [2117 B] - [2010/1/2 1:38:10]
C:/AdwCleaner/AdwCleaner[S1].txt - [1535 B] - [2017/9/16 15:19:2]
C:/AdwCleaner/AdwCleaner[S2].txt - [1193 B] - [2017/9/17 17:22:8]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by User (Administrator) on 17/09/2017 at 18:51:01.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5N1QHZCN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFCUQGQQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8261M7R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5TZG2PA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5N1QHZCN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFCUQGQQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8261M7R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5TZG2PA (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/09/2017 at 18:59:28.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
From the latest log.
Jaymie1989 said:
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Click to expand...

  • This message from your log is indicative of not having your chipset drivers installed. Looking in Device manager may also confirm this. If the case please only get the drivers from your motherboard/PC manufacturer.
  • Also have you addressed the serious shortage of free disc space?

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click "Save File" and then "OK"

vzol8OV.jpg


Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.

pjsQ8XB.jpg


To run the fix right click the FRST icon and choose "Run as Administrator" then click on "Fix"

cp0349X.jpg


Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the "Fixlist.txt" file you created will be renamed "Fixlog.txt"

Please COPY and PASTE the contents of this new file in your next post:)
 

Attachments

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
Ran by User (18-09-2017 14:13:04) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorepoint:
CloseProcesses:
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {021E162C-EDA6-468C-9DD2-28996F336D9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
Task: {1104C839-6310-4BB9-B27D-60655EDA3A1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {1104C839-6310-4BB9-B27D-60655EDA3A1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
Task: {2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
Task: {E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
FirewallRules: [TCP Query User{3DF8FB50-9CD5-4E6C-BAB1-ACB3F6586743}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{243CC3E7-DCB6-4225-A129-F30B512228BF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{8A301A8A-AE4E-4DF5-9E45-578EBF56B2D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\Tasks\Safer-Networking
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
C:\Windows\system32\GWX
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
C:\ProgramData\TEMP:D1B5B4F1 [114]
C:\ProgramData\hash.dat
EmptyTemp:
Hosts:
Reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{021E162C-EDA6-468C-9DD2-28996F336D9C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{021E162C-EDA6-468C-9DD2-28996F336D9C} => key removed successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1104C839-6310-4BB9-B27D-60655EDA3A1B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1104C839-6310-4BB9-B27D-60655EDA3A1B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EFE862F-7F0B-42E5-BD3B-52EFAE9F78E1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B68255E5-3D5A-46A9-A7A0-C514F9CBEA29} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E865C574-2F76-4E37-9ACD-3AFB12F8DDB3} => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3DF8FB50-9CD5-4E6C-BAB1-ACB3F6586743}C:\program files (x86)\kodi\kodi.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{243CC3E7-DCB6-4225-A129-F30B512228BF}C:\program files (x86)\kodi\kodi.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A301A8A-AE4E-4DF5-9E45-578EBF56B2D2} => value removed successfully
C:\Windows\System32\Tasks\Safer-Networking => moved successfully
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx" => not found.
"C:\Windows\system32\GWX" => not found.
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers" => not found.
"C:\ProgramData\TEMP:D1B5B4F1 [114]" => not found.
C:\ProgramData\hash.dat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3180449 B
Java, Flash, Steam htmlcache => 23589052 B
Windows/system/drivers => 2999604 B
Edge => 0 B
Chrome => 101376 B
Firefox => 1910071 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 33253 B
LocalService => 0 B
NetworkService => 450560 B
User => 54018593 B

RecycleBin => 0 B
EmptyTemp: => 90.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:13:34 ====

I'm sorting out the chipset drivers and a storage space.
 
You are welcome, You can remove the tools we used by following this guide.

Please go HERE and download Delfix Save it to your desktop.
Right click the new Delfix desktop icon
3gArQoZ.jpg
and then click "run as administrator"
Place a tick in the following checkboxes
  1. Remove disinfection tools
  2. Create registry backup
  3. Purge system restore
  4. Then select "Run"
tdR6h0N.jpg


Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop.
 
  • Like
Reactions: jmarket
Status
Not open for further replies.
Top Bottom