[dbreeze]

The infected system / AVG disk would be able to update if directly connected to the router (say, via a Ethernet cable).  However, in my past experience, that many infected files are never repaired to the point of usability again.  Your best option is to try the cable to update AVG prior to scanning and (if that still finds 1000+ infected files) then get a Factory Reset disk to wipe the system and restore it to Factory defaults.

[Advertisements]

Hi,

 

Ok, fair enough. Unfortunately, I don't have a factory reset disk. Are they easy to come by?

 

Failing that, if I'm connected to the router via an ethernet cable, could it reset without a disc by accessing the internet?

 

Thanks for your help.

 

RSP

[RedSuedePump]

Hi,

 

Ok, fair enough. Unfortunately, I don't have a factory reset disk. Are they easy to come by?

 

Failing that, if I'm connected to the router via an ethernet cable, could it reset without a disc by accessing the internet?

 

Thanks for your help.

 

RSP

[dbreeze]

What is the brand and model of the infected PC?  Perhaps there are some instructions to order a disk from the OEM.  Nowadays, the OEMs are kind of taking shortcuts and making the End User create these disks when they first start the computer but some still provide them for a fee.

[RedSuedePump]

Hi,

 

I managed to connect the infected computer to the router with an ethernet cable and the AVG scan software updated successfully.

 

I then ran the scan and got the result of no infected files, 1 warning and 4 errors. I then protected the file with the warning (nothing to do with Windows) but nothing has changed. I conclude the only option is a factory reset.

 

My daughter's pc is an old one that was built from components for me when I was living in France (i.e. it doesn't have a manufacturer's name/model). It came with WindowsXP and, having had a rummage in the loft, I found I still have the WindowsXP cd. When I bought my new desktop, I had the old one upgraded a bit and Windows 8 installed on both the old and new machines. I therefore found two Windows 8 cds in the loft as well.

 

I subsequently upgraded both machines to Windows 10 by download from the internet, hence I don't have any Windows 10 cds.

 

Do you think it's possible to do a Windows 8 reset and then upgrade to 10 again (hopefully at no cost)?

 

I've done resets before, but I do it so rarely that I usually follow a step by step video on Youtube. Would this be advisable?

 

Thanks for your help.

 

Regards

 

RSP

[RedSuedePump]

Hi,

 

Following my earlier post, I tried reinstalling Windows 8, but apparently the drive on which Windows is installed is locked. What's the best thing to do here? Might it be best to format the hard drive and start again from there?

 

Regards

 

RSP

[dbreeze]

Format the hard drive (there should be an option to do a Clean Installation of Win8 that will format the hard drive and then install the OS).  Then install Win8 and / or Win10 if you want.  It may be best to get the Win8 installation running smoothly (all hardware driver updates, etc.) before doing the Win10 upgrade.

 

Instructions: (I found that Britech videos are very well done and informative but you can find others also) Check here

[RedSuedePump]

Hi,

 

I've successfully installed Windows 8 onto the infected machine and it now runs. Curiously, I don't think I managed to format the hard drive, but nonetheless it installed. The C drive is partitioned into 3 parts and I managed to get it installed into the second section (wouldn't go into the first, for some reason). I've no idea if parts of the drive are still locked or remnants of the corrupted Windows or malware remain. Is there any way of checking this?

 

I've run the Fartbar tool with the following results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Sophia York (administrator) on Sophia (03-09-2017 19:05:45)
Running from C:\Users\Sophia York\Desktop
Loaded Profiles: Sophia York (Available Profiles: Sophia York)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1529C773-0DCE-4482-B5B2-2AAF72577992}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ECB58775-56BE-4B6D-825F-5F7F87932566}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-958184276-1650436010-2157447935-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2016-07-26] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-03 19:26 - 2017-09-03 19:26 - 000008192 __RSH C:\BOOTSECT.BAK
2017-09-03 19:26 - 2017-09-03 18:51 - 000000000 ____D C:\Windows\Panther
2017-09-03 19:15 - 2017-09-03 19:15 - 000000000 ____D C:\Windows.old
2017-09-03 19:05 - 2017-09-03 19:06 - 000003057 _____ C:\Users\Sophia York\Desktop\FRST.txt
2017-09-03 19:05 - 2017-09-03 19:05 - 002395648 _____ (Farbar) C:\Users\Sophia York\Desktop\FRST64.exe
2017-09-03 19:05 - 2017-09-03 19:05 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-09-03 19:05 - 2017-09-03 19:05 - 000000000 ____D C:\Users\Sophia York\Desktop\FRST-OlderVersion
2017-09-03 18:59 - 2017-09-03 18:59 - 000000000 ____D C:\Program Files (x86)\Intel
2017-09-03 18:58 - 2017-09-03 18:58 - 000000000 ____D C:\Windows\LastGood
2017-09-03 18:58 - 2017-09-03 18:58 - 000000000 ____D C:\Program Files\Intel
2017-09-03 18:58 - 2015-08-09 04:50 - 000096752 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2017-09-03 18:58 - 2015-08-09 04:50 - 000092648 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2017-09-03 18:56 - 2017-09-03 19:04 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-958184276-1650436010-2157447935-1001
2017-09-03 18:56 - 2017-09-03 18:56 - 000003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{03E03838-D884-4434-9C6E-776321494011}
2017-09-03 18:56 - 2017-09-03 18:56 - 000000000 __SHD C:\Users\Sophia York\AppData\LocalLow\EmieUserList
2017-09-03 18:56 - 2017-09-03 18:56 - 000000000 __SHD C:\Users\Sophia York\AppData\LocalLow\EmieSiteList
2017-09-03 18:56 - 2017-09-03 18:56 - 000000000 __SHD C:\Users\Sophia York\AppData\Local\EmieUserList
2017-09-03 18:56 - 2017-09-03 18:56 - 000000000 __SHD C:\Users\Sophia York\AppData\Local\EmieSiteList
2017-09-03 18:51 - 2017-09-03 18:51 - 000001442 _____ C:\Users\Sophia York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-03 18:51 - 2017-09-03 18:51 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-09-03 18:51 - 2017-09-03 18:51 - 000000000 ____D C:\Users\Sophia York\AppData\Roaming\Adobe
2017-09-03 18:50 - 2017-09-03 18:52 - 000000000 ____D C:\Users\Sophia York\AppData\Local\Packages
2017-09-03 18:50 - 2017-09-03 18:51 - 000000000 ____D C:\Users\Sophia York
2017-09-03 18:50 - 2017-09-03 18:50 - 000000020 ___SH C:\Users\Sophia York\ntuser.ini
2017-09-03 18:50 - 2017-09-03 18:50 - 000000000 ____D C:\Users\Sophia York\AppData\Local\VirtualStore
2017-09-03 18:50 - 2014-03-18 16:27 - 000000369 _____ C:\Users\Sophia York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-09-03 18:50 - 2014-03-18 16:27 - 000000369 _____ C:\Users\Sophia York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-09-02 13:35 - 2017-09-02 13:35 - 000000000 ___HD C:\$SysReset
2017-09-02 12:57 - 2017-09-02 12:57 - 000000000 ____D C:\AvgArlBackup
2017-08-21 14:15 - 2017-09-03 19:05 - 000000000 ____D C:\FRST
2017-08-04 12:47 - 2017-08-04 12:47 - 000000000 __SHD C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-03 19:26 - 2013-08-22 16:36 - 000262144 _____ C:\Windows\system32\config\BCD-Template
2017-09-03 19:05 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2017-09-03 19:00 - 2014-03-18 16:26 - 000818732 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-03 19:00 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2017-09-03 18:52 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-03 18:46 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-03 18:46 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2017-09-03 18:44 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache
2017-09-03 18:43 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-03 18:42 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-03 18:26

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Sophia York (03-09-2017 19:06:21)
Running from C:\Users\Sophia York\Desktop
Windows 8.1 (X64) (2017-09-03 17:50:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-958184276-1650436010-2157447935-500 - Administrator - Disabled)
Guest (S-1-5-21-958184276-1650436010-2157447935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-958184276-1650436010-2157447935-1003 - Limited - Enabled)
Sophia York (S-1-5-21-958184276-1650436010-2157447935-1001 - Administrator - Enabled) => C:\Users\Sophia York

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-958184276-1650436010-2157447935-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

03-09-2017 18:46:18 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2017 06:51:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004B100
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=b080aea2-e6c5-4b22-838e-fa4a21c931e3;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/03/2017 06:51:40 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004B100
Sku Id=b080aea2-e6c5-4b22-838e-fa4a21c931e3

Error: (09/03/2017 06:51:40 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004B100


System errors:
=============
Error: (09/03/2017 06:42:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The media is write protected.

Error: (09/03/2017 06:42:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (09/03/2017 06:40:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (09/03/2017 06:40:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (09/03/2017 06:38:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (09/03/2017 06:32:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error:
Server execution failed

Error: (09/03/2017 06:32:29 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2148007941.

Error: (09/03/2017 06:32:28 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (09/03/2017 06:30:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (09/03/2017 06:30:00 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU G1820 @ 2.70GHz
Percentage of memory in use: 25%
Total physical RAM: 3972.53 MB
Available physical RAM: 2950.63 MB
Total Virtual: 5380.53 MB
Available Virtual: 4295.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.27 GB) (Free:109.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.34 GB) (Free:0.33 GB) NTFS
Drive e: (IR3_CCSA_X64FRE_EN-GB_DV9) (CDROM) (Total:3.84 GB) (Free:0 GB) UDF
Drive f: (EDWARD) (Removable) (Total:14.52 GB) (Free:14.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 9EB79EB7)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=148.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C4B5D987)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

I can't see any sign of that strange symbol any more, surely that has to be a good thing?

 

I look forward to hearing your views.

 

Regards

 

RSP

[RedSuedePump]

Actually, looking at the FRST report, the MBR and partition table says that two of the partitions are not active. Does that mean part of the hard drive is still locked?

 

Would it make sense to format the hard drive under the command prompt and reload Windows? Or am I making a fuss about nothing?

 

RSP

[dbreeze]

I would format the whole drive and reload Windows just to be on the sure side of the fence.  In the case that we just had of possible massive infections, this would be the best solution to get you the cleanest system the safest way.

 

Just to warn you: even after a total format of the whole hard drive, you will find multiple partitions on the drive.  Modern windows OS have a loading partition and a running partition so this is normal.  If you have any questions about getting the entire drive formatted, come back and ask.  There should be some options when you start loading the OS from the DVD to format the entire drive (all partitions will be wiped); choose that one.

[RedSuedePump]

Hi,

 

I've loaded the DVD 2 or 3 times (but only gone throught the full menu once) and as far as I can see, there are no options to format the whole drive. I've been watching closely to find one.

 

Is there another way of formatting the drive?

 

Regards

 

RSP

[RedSuedePump]

Hi,

 

I think I've managed to do a completely clean installation.

 

What I did was follow this guy here:

 

 

I don't see how he managed to dribble on about it for 24 minutes, but the useful part is from 8:13 to 9:50. Computer working nicely now.

 

All I need to do now is upgrade to Windows 10 and get Minecraft and other apps back.

 

RSP

[dbreeze]

There we go!!!  Great news!  Anything else you need, just come back and ask.  Enjoy the Holiday!

[RedSuedePump]

Thanks very much for your help, much appreciated.

 

RSP

[RedSuedePump]

Hi,

 

Just to close things off, Windows 10 is now working properly and I've reinstalled all of the important programmes, most importantly, Minecraft and it's all working as it should.

 

What troubles me is preventing this from happening again. The only potential sources I can think of are either from inside a Minecraft mod (most likely, in my view) or an attack from her favourite online gaming website, Roblox.

 

It seems mean to ban her from downloading Minecraft mods, as they can be a lot of fun, but it's hard to identify the dodgy ones. Is there a way of scanning downloads for bad software, or should we use only official Minecraft software?

 

TIA

 

RSP

[dbreeze]

A good Anti-Virus should help with the security of the system.  We recommend Avast Free or Microsoft Windows Defender (since you are running Win10, this is a AV / AS solution).  I would also recommend Malwarebytes AntiMalware as a second opinion scanner.

 

You can also send files to VirusTotal.com to have them checked before installing them on your system.  I find that the stats of the 50+ scan engines there are a big help in determining if a file / application / script is dangerous or not.

 

Again, sorry we could not find a solution that was less destructive to the system.  However, remember that I've always found that the best security is in front of the computer not in the computer.

 

If you ever need anything else, please come back and ask.  We are always here to help.