Malware on laptop

Re-post


#1
Jan1959

Hi,

 

This laptop wouldn't load up and was hanging on startup. It took 20 minutes before the Windows screen appeared. Ran MBAM and found 384 'problems', mainly PUPs. Laptop still very, very slow to respond. I can't access safe mode; it just doesn't happen despite hitting F8 repeatedly. Tried downloading CCleaner but can't access it, as a window pops up saying that it's being redirected to an un-secure site.

 

Here is the Farbar report:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Sigi (administrator) on SIGI-TOSH (12-08-2018 17:30:13)
Running from C:\Users\Sigi\Downloads
Loaded Profiles: Sigi (Available Profiles: Sigi & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Windows\System32\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Sigi\Downloads\FRST64 (2).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-03-25] (Apple Inc.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-08-12] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [3324 2013-03-08] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [3324 2013-03-08] ()
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [36864 2018-04-12] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012-08-22]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012-08-22]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012-08-22]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{1a89cfcb-0f9b-447f-a1bd-e69ffaf1ae02}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.msn.com/?ocid=oa-longexposure
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.co.uk/
SearchScopes: HKLM -> {A90CE3DD-37AE-42C1-B5BD-AAEF62D43701} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 -> {A90CE3DD-37AE-42C1-B5BD-AAEF62D43701} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-165228165-2834802897-1162503413-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE05
SearchScopes: HKU\S-1-5-21-165228165-2834802897-1162503413-1000 -> 09736983-2c76-4c72-8e4e-c8e3159c5be0 URL = hxxp://www.bing.com/search?q={searchTerms}&form=DMLE14&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-165228165-2834802897-1162503413-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE05
SearchScopes: HKU\S-1-5-21-165228165-2834802897-1162503413-1000 -> {A90CE3DD-37AE-42C1-B5BD-AAEF62D43701} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enGB510
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03] (<TOSHIBA>)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03] (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
 
Edge: 
======
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.47.0_neutral__8wekyb3d8bbwe [not found]
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-01-13] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\Sigi\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
CHR Extension: (Duolingo on the Web) - C:\Users\Sigi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-01-11]
CHR Extension: (AdBlock) - C:\Users\Sigi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-08-12]
CHR Extension: (Cut the Rope) - C:\Users\Sigi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-10-25]
CHR Extension: (AVG SafePrice) - C:\Users\Sigi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sigi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Sigi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-12]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-08-12] (AVG Technologies)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-08-12] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7829784 2018-08-12] (AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-08-12] (AVG Technologies)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-07] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-07] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [189544 2018-08-12] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [222288 2018-08-12] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [194224 2018-08-12] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [339048 2018-08-12] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51952 2018-08-12] (AVG Technologies CZ, s.r.o.)
S3 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15352 2018-08-12] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39352 2018-08-12] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [152016 2018-08-12] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [104256 2018-08-12] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [78352 2018-08-12] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1020112 2018-08-12] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [458024 2018-08-12] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [203544 2018-08-12] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [373944 2018-08-12] (AVG Technologies CZ, s.r.o.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-12] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
R3 RtkBtFilter2; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [65792 2015-05-29] (Realtek Microelectronics)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2018-04-12] (Realtek Semiconductor Corporation )
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-08-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-08-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-07] (Microsoft Corporation)
U1 avgbdisk; no ImagePath
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-12 17:29 - 2018-08-12 17:29 - 002412544 _____ (Farbar) C:\Users\Sigi\Downloads\FRST64 (2).exe
2018-08-12 17:21 - 2018-08-12 17:22 - 000053944 _____ C:\Users\Sigi\Downloads\Addition.txt
2018-08-12 17:19 - 2018-08-12 17:30 - 000019125 _____ C:\Users\Sigi\Downloads\FRST.txt
2018-08-12 17:18 - 2018-08-12 17:30 - 000000000 ____D C:\FRST
2018-08-12 17:18 - 2018-08-12 17:18 - 002412544 _____ (Farbar) C:\Users\Sigi\Downloads\FRST64 (1).exe
2018-08-12 17:13 - 2018-08-12 17:17 - 000421940 _____ C:\Users\Sigi\Downloads\FRST64.exe
2018-08-12 16:22 - 2018-08-12 16:22 - 000000000 __SHD C:\found.001
2018-08-12 16:09 - 2018-08-12 16:09 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2018-08-12 16:09 - 2018-08-12 16:09 - 000002423 _____ C:\Users\Public\Desktop\AVG Secure Browser.lnk
2018-08-12 16:08 - 2018-08-12 16:08 - 000003416 _____ C:\WINDOWS\System32\Tasks\AVGUpdateTaskMachineUA
2018-08-12 16:08 - 2018-08-12 16:08 - 000003292 _____ C:\WINDOWS\System32\Tasks\AVGUpdateTaskMachineCore
2018-08-12 16:08 - 2018-08-12 16:08 - 000000000 ____D C:\Program Files (x86)\AVG
2018-08-12 16:04 - 2018-08-12 16:04 - 000000000 ____D C:\Users\Sigi\AppData\Roaming\AVG
2018-08-12 16:03 - 2018-08-12 16:08 - 000000000 ____D C:\Users\Sigi\AppData\Local\Avg
2018-08-12 16:03 - 2018-08-12 16:03 - 000001909 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2018-08-12 16:03 - 2018-08-12 16:03 - 000001897 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-08-12 16:03 - 2018-08-12 16:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
2018-08-12 16:02 - 2018-08-12 17:17 - 000458024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000455464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys.153409067101502
2018-08-12 16:02 - 2018-08-12 16:02 - 000379120 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-08-12 16:02 - 2018-08-12 16:02 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000339048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000222288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000203544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000194224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000189544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000152016 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000104256 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000051952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000015352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2018-08-12 16:02 - 2018-08-12 16:02 - 000003992 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-08-12 16:02 - 2018-08-12 16:02 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-08-12 16:01 - 2018-08-12 16:01 - 000000000 ____D C:\Program Files\AVG
2018-08-12 15:58 - 2018-08-12 16:02 - 000000000 ____D C:\ProgramData\AVG
2018-08-12 15:57 - 2018-08-12 15:57 - 007460520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Sigi\Downloads\avg_antivirus_free_setup.exe
2018-08-12 14:58 - 2018-08-12 14:58 - 015989160 _____ (Piriform Ltd) C:\Users\Sigi\Downloads\ccsetup544.exe
2018-08-12 14:54 - 2018-08-12 15:19 - 000000000 ____D C:\Program Files\CCleaner
2018-08-12 14:54 - 2018-08-12 14:59 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-12 14:54 - 2018-08-12 14:59 - 000000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-12 14:54 - 2018-08-12 14:54 - 016004240 _____ (Piriform Ltd) C:\Users\Sigi\Downloads\ccsetup544pro.exe
2018-08-12 14:54 - 2018-08-12 14:54 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-08-12 14:54 - 2018-08-12 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-12 04:37 - 2018-08-12 04:37 - 000000000 __SHD C:\found.000
2018-08-11 15:02 - 2018-08-12 17:04 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-11 15:02 - 2018-08-11 15:02 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-11 15:02 - 2018-08-11 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-11 15:02 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-08-07 22:47 - 2018-08-08 08:01 - 000000000 ____D C:\Users\Sigi\AppData\Local\CrashDumps
2018-08-07 21:31 - 2018-08-07 21:31 - 000000000 ____D C:\Users\Sigi\AppData\Local\D3DSCache
2018-07-23 18:33 - 2018-07-23 18:33 - 000001780 _____ C:\Users\Sigi\Downloads\Weaveworld9780007382965.acsm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-12 17:17 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-12 17:08 - 2018-06-13 10:00 - 000006892 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-12 17:04 - 2018-06-13 10:05 - 000000000 ____D C:\Users\Sigi
2018-08-12 17:03 - 2018-06-13 10:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-12 17:03 - 2018-06-13 00:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-12 16:46 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-12 16:30 - 2018-06-13 10:26 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6A58A313-5A41-4B0B-BFA4-D63E6E8F3B27}
2018-08-12 16:23 - 2012-11-14 18:35 - 000000000 ____D C:\Program Files\AVAST Software
2018-08-12 16:20 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-12 16:14 - 2012-11-14 18:35 - 000000000 ____D C:\ProgramData\AVAST Software
2018-08-12 16:04 - 2018-07-12 21:20 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-08-12 16:02 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-12 15:21 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-08-12 15:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-12 15:15 - 2018-05-18 17:14 - 000000000 ____D C:\Users\Sigi\AppData\Local\AVAST Software
2018-08-12 15:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-08-12 15:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-12 15:10 - 2012-05-11 19:50 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-08-12 14:54 - 2018-06-13 10:05 - 000000000 ____D C:\Users\DefaultAppPool
2018-08-11 15:02 - 2012-11-12 13:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-11 14:58 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-10 02:49 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-09 23:16 - 2012-05-11 19:52 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-07 23:04 - 2018-06-13 10:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-08-07 22:58 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-08-07 22:47 - 2010-11-21 04:27 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-08-01 19:17 - 2018-07-12 19:02 - 000000000 ____D C:\ProgramData\Packages
2018-07-18 19:17 - 2018-06-13 10:26 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-165228165-2834802897-1162503413-1000
2018-07-18 19:17 - 2018-06-13 10:05 - 000002371 _____ C:\Users\Sigi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-18 19:17 - 2016-03-08 08:35 - 000000000 ___RD C:\Users\Sigi\OneDrive
 
==================== Files in the root of some directories =======
 
2017-05-21 16:48 - 2018-03-12 18:19 - 000006252 _____ () C:\Users\Sigi\AppData\Roaming\mindhabits.dat
2014-07-17 18:35 - 2014-07-17 18:23 - 000137216 _____ () C:\Users\Sigi\AppData\Local\Web Data
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-13 00:25
 
==================== End of FRST.txt =============
 
And here is the additional text:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Sigi (12-08-2018 17:31:13)
Running from C:\Users\Sigi\Downloads
Windows 10 Home Version 1803 17134.165 (X64) (2018-06-13 09:28:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-165228165-2834802897-1162503413-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-165228165-2834802897-1162503413-503 - Limited - Disabled)
Guest (S-1-5-21-165228165-2834802897-1162503413-501 - Limited - Disabled)
Sigi (S-1-5-21-165228165-2834802897-1162503413-1000 - Administrator - Enabled) => C:\Users\Sigi
WDAGUtilityAccount (S-1-5-21-165228165-2834802897-1162503413-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1.1.081 (HKLM-x32\...\MindHabits Trainer_is1) (Version:  - )
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-5929a798-9dc7-47ab-b719-0453bf4c0154) (Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (HKLM-x32\...\WTA-6858590f-3950-47fb-b5de-7553842dc548) (Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.5.3059 - AVG Technologies)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 67.1.633.101 - AVG Technologies)
AVG Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.155.333 - AVG Technologies) Hidden
BBC iPlayer Desktop (HKLM-x32\...\{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}) (Version: 3.2.15 - British Broadcasting Corp.) Hidden
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
Bejeweled 3 (HKLM-x32\...\WTA-9a0522b5-1bcb-41ba-858b-74cf4991120a) (Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.00(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cake Mania (HKLM-x32\...\WTA-99bd473c-04ba-4f79-a917-eadd9eb35cd7) (Version: 2.2.0.98 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Canon MG5100 series User Registration (HKLM-x32\...\Canon MG5100 series User Registration) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WTA-e3fd4493-83c6-448f-a175-9cce817318d5) (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
High-Definition Video Playback (HKLM-x32\...\{9193490D-5229-4FC4-9BB9-A6D63C09574A}) (Version: 11.1.10500.2.65 - Nero AG) Hidden
iCloud (HKLM\...\{5BD11939-D2C2-4F1B-AAAF-5ECE19A801F7}) (Version: 7.4.0.111 - Apple Inc.)
Insaniquarium Deluxe (HKLM-x32\...\WTA-e74822f9-c9e1-4dac-955a-5b6d34e5c470) (Version: 2.2.0.97 - WildTangent) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{5581A594-89CB-4062-81C3-2E9F7A76FBE0}) (Version: 12.7.4.76 - Apple Inc.)
Jewel Quest Solitaire 2 (HKLM-x32\...\WTA-8c3100a8-799b-4622-8026-c9a0b85f0847) (Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mystery P.I. - The London Caper (HKLM-x32\...\WTA-42e5c9cc-9d31-460b-ba04-79cf9be5be59) (Version: 2.2.0.95 - WildTangent) Hidden
Nero 11 Essentials (HKLM-x32\...\{F8635CF8-B797-4EFD-80BC-DE2D26C65D4F}) (Version: 11.0.00300 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-0f92a45a-0d72-4bdb-b56d-80fa63955900) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (HKLM-x32\...\WTA-13108051-f90b-4f62-baf0-0bdac8785511) (Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RtkClassFilter (HKLM-x32\...\{8220FCF2-A57F-4236-BFCC-C6C2268E851E}) (Version: 1.2.1.4 - REALTEK Semiconductor Corp) Hidden
RtkClassFilter (HKLM-x32\...\InstallShield_{8220FCF2-A57F-4236-BFCC-C6C2268E851E}) (Version: 1.2.1.4 - REALTEK Semiconductor Corp)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-44d2d6ab-8ae0-48c0-b4b6-6632bba19e0b) (Version: 2.2.0.98 - WildTangent) Hidden
welcome (HKLM-x32\...\{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}) (Version: 11.0.22500.0.0 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.5.36 - WildTangent) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (12/02/2011 2.3.8.1) (HKLM\...\EA90D42054890B3938D0BEF1E8A316D20C6D6003) (Version: 12/02/2011 2.3.8.1 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-165228165-2834802897-1162503413-1000_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-165228165-2834802897-1162503413-1000_Classes\CLSID\{00000002-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-165228165-2834802897-1162503413-1000_Classes\CLSID\{00000003-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-165228165-2834802897-1162503413-1000_Classes\CLSID\{00000006-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-165228165-2834802897-1162503413-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sigi\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-08-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-03-18] (Apple Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-08-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {092156DF-8D7C-4E5D-8205-7F8082F0B55C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0D668AC6-BA39-49BA-BE62-CFF6F9D7F0D4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-08-12] (AVG Technologies CZ, s.r.o.)
Task: {0DFD6AFB-AE24-40C8-A749-656535C1E0DD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {10D25802-5244-4969-B6BC-589E61DE0B3B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1B22E073-9C02-4E75-B651-BD0987C8E15C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {1C7D0DDD-B79A-4433-838B-7F09C53AD2F6} - System32\Tasks\{5BE935FE-3735-44F9-8EBC-AFB9774FA7B3} => C:\windows\system32\pcalua.exe -a E:\JRT.exe -d E:\
Task: {23894463-BCE2-47B8-8710-8A6184A264AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {257EDDD2-0E44-499E-AC11-44A6923BEE3A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {28620217-C919-4F50-BC7A-9FFAC7522111} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2DD09C75-74AA-4CF4-9BBE-BEF9F8D5A019} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35DB0B8D-5A9C-4DCF-BBE7-1A695FBFEDEE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-12] (Piriform Ltd)
Task: {3FAEB5EF-1E28-4DCF-A512-7B677F0F2A7A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-03-18] (Apple Inc.)
Task: {3FF90772-A31E-4C28-97BB-E87EBBF535E2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4D3355D0-CBD9-4BCA-8DC3-3F9A7D54BBE5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {52E03F55-47CC-453A-ACC7-1C4E61810CA3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {534C6D00-8638-468F-B378-13F180D8066B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {5A5C172A-FFBA-4060-83CB-044720540B34} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {5BAF5500-A194-4803-A9B9-1BEA5C6D41F4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5DE2ADF8-53A8-4CEB-ABE2-958BE2BB6638} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5ED5E2E5-262A-49C5-AF91-73C3742898DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {653DFB11-0544-452A-8ECB-3DC650918F8E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6F4E1515-61D6-4A39-8BAA-51A395F6FD35} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6FBD540B-BBB5-415C-923F-A625B6835300} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7718ECB9-32BA-4A5A-85AB-B769D4F26391} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {79C89764-6E5E-47E4-94F8-6C0FCA39CDC3} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2018-08-12] (AVG Technologies) <==== ATTENTION
Task: {7A00A26E-32B7-47BC-AE29-BCC7C31981C2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-10] (AVAST Software)
Task: {7A4AFF4C-DE0C-40BE-A73B-25A64D45206C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B57C5D2-1325-4A3E-A5AC-093F967ECB46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7CA36F52-75A3-4399-95D1-05D385B8632A} - System32\Tasks\avastBCLRestartS-1-5-21-165228165-2834802897-1162503413-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {7F887C20-98A1-4A86-9AB0-F2C4855545E2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {81AAC80D-7E99-45AF-8FE6-FDE734689D53} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8255A663-3AC6-45A0-A5A3-7B9F8F1BE175} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {83E34EBB-F5D2-46FF-8374-0FB0EDAB1543} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8A513962-0D1F-4CD6-96B5-8E383995C6E7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8B41E8B7-0DB4-4B01-BA87-B6C02736CED9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8C85370B-ED9F-4316-BAD6-80770FBD4963} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {95A52300-8E27-4FD5-9A58-6986E08527F8} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-08-12] (AVG Technologies CZ, s.r.o.)
Task: {975C8505-59B6-46F1-8075-00D2715D3777} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {9C11064C-9060-445A-AC16-F264363133B0} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2018-08-12] (AVG Technologies) <==== ATTENTION
Task: {A55F1F14-69B8-435F-86D7-25472433A18F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A8545808-48A3-4534-96AF-EBBF715EC9F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A88166EC-217C-4428-A96B-6892CD05E395} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2BB7F44-49F9-4EBF-9DE2-DB09D59C31B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C35E01A1-96BF-4654-90CB-F831F47E9843} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C41FCE0F-3809-4398-AE90-43C47537C189} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C66FD7E6-AE92-40B5-BFF4-B9958C218724} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF9EDA1F-4291-46E0-B418-839FAF705709} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D44A4E01-921C-4AB3-BCDD-1BDD524825D9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {D9D9F4FD-5539-40FD-ABCC-D6F359188C16} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBD6216C-7A84-455E-A685-063B390C5855} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E469A984-B78C-483E-A46E-5EFA67A2B340} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E869E9F5-CF71-4B80-9277-AAF897855546} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {EA5E0DF0-BDAC-4F3E-99FB-4026061592A9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F3EBCB46-4D58-426D-BCEA-CA05AF359941} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-12] (Piriform Ltd)
Task: {F712CB93-1C47-4280-9A9A-BE5FA77CF283} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD665142-2D53-496B-8CB3-3329E3E05D44} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-22 20:34 - 2010-09-10 01:26 - 000162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-22 20:15 - 2012-02-21 20:29 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2018-08-11 15:02 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-12 19:11 - 2018-07-06 07:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-12 19:00 - 2018-07-12 19:01 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-07-17 04:07 - 2018-07-17 04:07 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 04:07 - 2018-07-17 04:07 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 04:07 - 2018-07-17 04:07 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 04:07 - 2018-07-17 04:07 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 04:07 - 2018-07-17 04:07 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-08-11 14:57 - 2018-08-11 14:57 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-11 14:57 - 2018-08-11 14:57 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-11 14:57 - 2018-08-11 14:57 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 16:43 - 2017-09-26 16:44 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-11 14:57 - 2018-08-11 14:57 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-08-09 23:16 - 2018-08-08 01:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-09 23:16 - 2018-08-08 01:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2012-09-27 10:22 - 2012-09-27 10:22 - 000158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
2018-08-12 16:03 - 2018-08-12 16:03 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-08-12 16:02 - 2018-08-12 16:02 - 000481520 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2012-08-22 20:15 - 2012-02-21 20:09 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:8F7DC5D9 [286]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2018-08-07 20:36 - 000000098 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sigi\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{25f426c4-28dc-4bc0-a00a-d25476f70c97}.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk => C:\windows\pss\Toshiba Places Icon Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sigi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk => C:\windows\pss\BBC iPlayer Desktop.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Sigi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk => C:\windows\pss\TRDCReminder.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SRS Premium Sound HD => "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\StartupApproved\Run: => "TOPI.EXE"
HKU\S-1-5-21-165228165-2834802897-1162503413-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BDD4EF3F-FC99-4F03-A74D-4D89F979A5D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{434172B3-4A6C-4B1E-B419-2513CEB4AAB8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{20FB7FC1-0518-4EF5-99EC-7BB5485E77BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{36246DD4-8377-4347-8FE4-501F9FCDAEDF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6F8F6AC3-BCF0-45D0-AF15-C85BB8CAA24F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B20363C6-C689-40B1-8F3E-859294B2736E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B9C33B1-1900-41A9-922F-F79D581A1D4F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EE4203FA-9C6A-4152-B7DD-46BD4EFFB1ED}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8A3A33C0-BCDF-472E-B775-FA997A93E84A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9743BF60-F604-437B-8242-2F3C6B9063C1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7C3D8949-39DB-4BC5-B0F8-5734F93CF1A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E5C2EED8-6BE6-455D-B62F-F38FA262B375}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1129C9DE-F76A-409E-9D40-DFA84C278210}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1ABABE60-FBA3-4DAB-BEFB-5334D97E3A2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68920F2D-6CBF-48D0-8272-F39C02A8D98C}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{C2E332C9-60BC-48D8-B9C3-7560B4341363}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{01CCB81B-53FD-48E0-9416-59E43CF7DF05}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{E46ECA38-FE1D-4F8F-A966-8C705D4CB50C}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{E98C7F69-02DB-46A0-807C-5D1A7487B522}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8F32F04C-7C59-4375-A127-C034F99F1F9B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A38FD897-BE92-4E21-BE86-6AAE4509069C}] => (Allow) LPort=1900
FirewallRules: [{8A0BC2E9-B706-445D-9F05-4622B2E86374}] => (Allow) LPort=2869
FirewallRules: [{2DBD14CD-3F62-4B70-B2B6-5356A79EAD80}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5A30F4C2-3C62-4D84-BA51-87BBA36C9266}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{13084134-5622-4F3F-9F0A-2CEA04099E10}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{94E1EE2C-B4BD-4D7D-9EAD-0EF5CDAE2178}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{600A321A-F7BB-4392-8569-CBB10827E17E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{81708A34-D57D-47A0-8139-E6574C5ED82C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{E35E0A18-7BC5-49FC-86FC-F829A351EFDC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{45D9FCB0-24AF-4DE9-8824-3B9F20C2B773}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{14A2F83E-C58C-4FBC-9266-44E9835C0F0E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1CA4C035-A8E4-4E14-BAAF-3B9F284493E9}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{B8C64DBC-AB96-45E5-BCD3-AAD907AC67BF}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{158B032F-C0C6-494F-B791-9B750C294485}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2018 05:08:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/12/2018 05:08:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/12/2018 04:26:39 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (08/12/2018 04:26:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (08/12/2018 04:26:37 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_64_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.
 
Error: (08/12/2018 04:26:37 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows cannot open the 64-bit extensible counter DLL ASP.NET_64_2.0.50727 in a 32-bit environment. Contact the file vendor to obtain a 32-bit version. Alternatively if you are running a 64-bit native environment, you can open the 64-bit extensible counter DLL by using the 64-bit version of Performance Monitor. To use this tool, open the Windows folder, open the System32 folder, and then start Perfmon.exe.
 
Error: (08/12/2018 02:19:51 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
 
Error: (08/12/2018 01:19:51 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
 
 
System errors:
=============
Error: (08/12/2018 05:17:17 PM) (Source: DCOM) (EventID: 10010) (User: SIGI-TOSH)
Description: The server {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD} did not register with DCOM within the required timeout.
 
Error: (08/12/2018 05:06:20 PM) (Source: DCOM) (EventID: 10016) (User: SIGI-TOSH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Sigi-TOSH\Sigi SID (S-1-5-21-165228165-2834802897-1162503413-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/12/2018 05:04:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/12/2018 05:03:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error: 
The system cannot find the file specified.
 
Error: (08/12/2018 05:03:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error: 
The system cannot find the file specified.
 
Error: (08/12/2018 05:03:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error: 
The system cannot find the file specified.
 
Error: (08/12/2018 05:03:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error: 
The system cannot find the file specified.
 
Error: (08/12/2018 05:03:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WAS service terminated with the following error: 
The system cannot find the file specified.
 
 
Windows Defender:
===================================
Date: 2018-08-07 23:01:48.494
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EE0B88A8-049E-4FBE-BF08-BA7E30C82F10}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-08-12 15:44:54.164
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
 
Date: 2018-08-12 15:22:02.449
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-08-10 20:32:39.197
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2018-08-07 22:47:10.989
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Backup
Error Code: 0x8050a004
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
Signature version: 1.225.1299.0;1.225.1299.0
Engine version: 1.1.12902.0
 
Date: 2018-08-07 22:32:08.970
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x8050a004
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
Signature version: 1.225.1401.0;1.225.1401.0
Engine version: 1.1.12902.0
 
CodeIntegrity:
===================================
 
Date: 2018-08-12 14:55:38.267
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-13 23:35:25.505
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-13 23:35:25.463
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-13 23:35:25.382
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-13 23:35:25.029
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-13 23:35:24.817
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-13 23:35:24.667
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-13 23:35:21.724
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B820 @ 1.70GHz
Percentage of memory in use: 39%
Total physical RAM: 6033.8 MB
Available physical RAM: 3623.75 MB
Total Virtual: 12177.8 MB
Available Virtual: 10123.3 MB
 
==================== Drives ================================
 
Drive c: (TI30875400C) (Fixed) (Total:447.58 GB) (Free:376.39 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{979cf4e0-ec8c-11e1-88c1-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS
\\?\Volume{b0de4f87-0000-0000-0000-204370000000}\ () (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B0DE4F87)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=447.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1007 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.7 GB) - (Type=17)
 
==================== End of Addition.txt ============================
 
I know that you guys are great, please help with this one.

 


  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 21,016 posts
  • MVP

I don't see any obvious malware in your logs.  Do uninstall Bonjour as your version doesn't work on Win 10.

Sometimes the boot log will tell us something:

 

https://www.tenforum...og-windows.html

 

To see the boot log you may have to tell Windows not to hide it:

http://www.howtogeek...-windows-vista/

The boot log is not much use in Safe Mode.

Win 10 doesn't use F8 to get into Safe Mode.  Instead use one of the methods shown here:

https://support.micr...pc-in-safe-mode

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 


  • 0
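Added example, not part of the original posts: one way to triage the text that Process Explorer's File, Save As produces once the Verified Signer column is enabled, listing every row that is not marked (Verified) or that carries no description or signer at all. It assumes the default column order plus Verified Signer; the function names and the sample rows are constructed for this illustration.

```python
import re

# Assumed column order (default Process Explorer columns plus Verified Signer):
# Process, CPU, Private Bytes, Working Set, PID, Description, Company Name, Verified Signer
# Fields are separated by whitespace: tabs in the saved file, spaces once pasted into a forum.
ROW = re.compile(
    r"^(?P<name>.+?)\s+"                                   # image name, may contain spaces
    r"(?:(?P<cpu>Suspended|(?:<\s*)?\d+(?:\.\d+)?)\s+)?"   # CPU column is often empty
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K\s+"    # Private Bytes, Working Set
    r"(?P<pid>\d+)(?:\s+(?P<rest>.*))?$"                   # PID, then description/company/signer
)
# The signer column reads "(<status>) <signer name>" and is the last field on the line.
STATUS = re.compile(r"\((?P<status>[^()]+)\)\s*(?P<signer>[^()]*)$")


def parse_row(line):
    """Return a dict for one process row, or None if the line is not a process row."""
    m = ROW.match(line.strip())
    if m is None:
        return None
    row = m.groupdict()
    row["pid"] = int(row["pid"])
    row["detail"] = (row.pop("rest") or "").strip()
    s = STATUS.search(row["detail"])
    row["status"] = s.group("status") if s else None
    row["signer"] = s.group("signer").strip() if s else None
    return row


def triage(text):
    """Count verified rows and list the rows a helper should look at by hand."""
    verified, review, unparsed = 0, [], []
    for line in text.splitlines():
        if not line.strip() or line.split()[:2] == ["Process", "CPU"]:
            continue  # blank line or the column header
        row = parse_row(line)
        if row is None:
            unparsed.append(line)  # never drop a line silently
        elif row["status"] == "Verified":
            verified += 1
        elif row["status"]:
            review.append((row["name"], row["pid"], row["status"]))
        elif row["detail"]:
            review.append((row["name"], row["pid"], "no signer status in row"))
        else:
            review.append((row["name"], row["pid"], "no description or signer reported"))
    review.sort(key=lambda r: (r[0].lower(), r[1]))
    return {"verified": verified, "review": review, "unparsed": unparsed}


# Constructed sample rows in the flattened layout of a pasted Process Explorer log.
SAMPLE = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
updatesvc.exe 1,564 K 6,612 K 2916 Example Update Service Example Systems Incorporated (Verified) Example Systems
audiodg.exe 9,528 K 16,700 K 11100
fontdrvhost.exe < 0.01 2,116 K 4,680 K 996
Memory Compression 32 K 4 K 1992
chatclient.exe Suspended 14,256 K 14,808 K 8908 Example Chat Example Corporation (No signature was present in the subject) Example Corporation
svchost.exe 0.35 1,068 K 3,932 K 432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"verified rows: {result['verified']}")
    for name, pid, reason in result["review"]:
        print(f"review  {name} (PID {pid}): {reason}")
    for line in result["unparsed"]:
        print(f"unparsed: {line}")
```

A row listed for review is only a prompt to check the file's path and origin; a (Verified) row means the signature validated, not that the program is wanted.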

#3
Jan1959


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts

Thank you very much for responding to me.

 

Files as instructed:

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe 1,564 K 6,612 K 2916 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
audiodg.exe 9,528 K 16,700 K 11100
AVGBrowserCrashHandler.exe 2,076 K 184 K 7056
AVGBrowserCrashHandler64.exe 1,996 K 136 K 7152
Bootstrap.exe 4,268 K 15,692 K 10468 Intel Services Manager Launcher Intel Corporation (Verified) Intel® Services Manager
chrome.exe 2,620 K 8,740 K 9352 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,544 K 9,264 K 9392 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 14,148 K 22,340 K 1220 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 163,932 K 177,120 K 9620 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 47,184 K 61,864 K 8652 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 37,036 K 53,972 K 7512 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 39,816 K 63,764 K 9500 Google Chrome Google Inc. (Verified) Google Inc
ctfmon.exe 3,712 K 13,660 K 2160
dasHost.exe 7,068 K 17,672 K 4436
dllhost.exe 1,816 K 6,764 K 7468 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1,636 K 3,732 K 992
fontdrvhost.exe < 0.01 2,116 K 4,680 K 996
GFNEXSrv.exe 2,048 K 8,252 K 2504 GFNEXSrv (Verified) PEGATRON CORPORATION
HeciServer.exe 1,604 K 7,340 K 3176 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
IntelMeFWService.exe 1,260 K 5,244 K 3184 (Verified) Intel Corporation
Jhi_service.exe 1,648 K 6,784 K 3292 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
Memory Compression 32 K 4 K 1992
mqsvc.exe 4,328 K 12,760 K 3900 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
MSASCuiL.exe 2,256 K 9,336 K 9120 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
NASvc.exe 2,488 K 9,744 K 6708 NeroUpdate Nero AG (Verified) Nero AG
OfficeHubTaskHost.exe Suspended 7,456 K 30,276 K 9048 Office Hub Task Host Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 3,436 K 10,392 K 9308 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Registry 19,504 K 27,356 K 84
RuntimeBroker.exe 3,348 K 11,372 K 10152 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,868 K 10,368 K 9656 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,680 K 14,820 K 8452 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,316 K 8,820 K 788 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,004 K 22,512 K 8240 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 4,268 K 18,240 K 8200 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 18,336 K 18,480 K 4852 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 53,688 K 105,524 K 7828 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,304 K 15,620 K 3484 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 6,776 K 10,824 K 844
SettingSyncHost.exe 6,116 K 7,952 K 8604 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 1,920 K 3,984 K 6740 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 30,288 K 80,768 K 7996 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 14,256 K 14,808 K 8908 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 564 K 1,184 K 452
SMSvcHost.exe 24,472 K 22,016 K 3396 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
software_reporter_tool.exe 2,560 K 1,380 K 3748 Software Reporter Tool Google (Verified) Google Inc
spoolsv.exe 5,768 K 15,184 K 2832 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,068 K 3,932 K 432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,204 K 9,496 K 1324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,648 K 10,448 K 1428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,740 K 5,912 K 1464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,280 K 9,108 K 2020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,652 K 6,396 K 3124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,448 K 9,772 K 3144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,696 K 6,496 K 3440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,024 K 7,828 K 3504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,352 K 5,556 K 3708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,484 K 11,816 K 4276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,416 K 5,392 K 4332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,436 K 5,444 K 3888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,412 K 6,072 K 5340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,824 K 6,944 K 5352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,144 K 8,672 K 5984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,452 K 10,460 K 6328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,368 K 8,648 K 3088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,108 K 8,108 K 5520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,804 K 7,652 K 3644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,728 K 5,744 K 8576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 10,272 K 7128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,908 K 7,720 K 9268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,052 K 6,732 K 10132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,692 K 12,340 K 3236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,796 K 6,604 K 2204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,904 K 15,024 K 4256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,240 K 8,280 K 1612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,884 K 9,960 K 3108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,392 K 5,728 K 1924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,868 K 7,660 K 972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,232 K 7,260 K 2364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,812 K 9,788 K 1680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,220 K 10,652 K 3100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,096 K 7,476 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,092 K 7,688 K 1904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,808 K 13,232 K 5736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,944 K 7,884 K 2196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,404 K 8,852 K 3380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,984 K 15,552 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,096 K 11,308 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,864 K 9,456 K 1588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,272 K 7,828 K 4828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 18,560 K 24,300 K 6924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,060 K 12,632 K 2124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,240 K 20,308 K 7336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,280 K 7,476 K 1688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17,180 K 20,140 K 1476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,564 K 20,084 K 7044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,824 K 6,608 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,872 K 7,720 K 1700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,292 K 28,124 K 5700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,292 K 11,560 K 2528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,484 K 24,988 K 6100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,400 K 18,700 K 288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,636 K 19,964 K 3156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,588 K 24,188 K 3116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,596 K 17,056 K 2704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,404 K 29,752 K 644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,468 K 7,820 K 1048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 11,624 K 20,824 K 1240 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,660 K 11,792 K 1848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,036 K 7,988 K 2908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.04 6,812 K 13,088 K 832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,980 K 13,852 K 2288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnhService.exe 1,356 K 5,084 K 3512 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPHelper.exe 1,316 K 4,696 K 1860
taskhostw.exe 5,808 K 12,672 K 6768 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TemproSvc.exe 24,948 K 22,052 K 3604 Toshiba TEMPRO Toshiba Europe GmbH (Verified) Toshiba Europe GmbH
TosCoSrv.exe 2,876 K 8,240 K 3636 TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
UNS.exe 3,828 K 11,764 K 1092 User Notification Service Intel Corporation (Verified) Intel Corporation
unsecapp.exe 1,344 K 6,388 K 3528
Video.UI.exe Suspended 19,756 K 32,660 K 6760 (No signature was present in the subject)
wininit.exe 1,648 K 6,680 K 768
winlogon.exe 2,500 K 10,020 K 872
WmiPrvSE.exe 3,312 K 9,252 K 2968
WmiPrvSE.exe 2,668 K 8,480 K 2424
WmiPrvSE.exe 6,544 K 13,552 K 4160
MBAMService.exe < 0.01 17,552 K 48,664 K 3328 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
TODDSrv.exe < 0.01 1,276 K 5,240 K 3612 TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
csrss.exe 1,928 K 5,212 K 688
aswidsagenta.exe < 0.01 17,504 K 33,904 K 6584 AVG Software Analyzer AVG Technologies CZ, s.r.o. (Verified) AVG Netherlands B.V.
svchost.exe < 0.01 4,288 K 15,176 K 7612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe < 0.01 13,600 K 27,580 K 7380 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
TecoService.exe < 0.01 1,872 K 7,820 K 3696 TOSHIBA eco Utility Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
SynTPEnh.exe < 0.01 6,392 K 20,648 K 6952 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
lsass.exe 6,164 K 16,528 K 888 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,372 K 18,948 K 3760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sihost.exe < 0.01 6,572 K 25,260 K 5060 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3,708 K 12,672 K 2216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,000 K 9,100 K 1536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe < 0.01 3,360 K 12,152 K 3076 MobileDeviceService Apple Inc. (Verified) Apple Inc.
mbamtray.exe 0.01 21,100 K 36,208 K 5836 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
chrome.exe 0.01 80,668 K 104,728 K 10200 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.01 35,560 K 48,736 K 5612 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.01 42,320 K 55,468 K 8548 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.01 5,020 K 15,944 K 2444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AVGSvc.exe 0.02 83,476 K 39,112 K 2496 AVG Service AVG Technologies CZ, s.r.o. (Verified) AVG Netherlands B.V.
svchost.exe 0.02 11,916 K 41,304 K 600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 21,420 K 28,120 K 1440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
updateui.exe 0.03 11,548 K 24,608 K 10948 (No signature was present in the subject)
chrome.exe 0.03 133,684 K 186,892 K 9332 Google Chrome Google Inc. (Verified) Google Inc
LMS.exe 0.04 1,736 K 5,920 K 2920 Local Manageability Service Intel Corporation (Verified) Intel Corporation
explorer.exe 0.15 43,016 K 97,400 K 6300 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AVGUI.exe 0.21 24,452 K 48,840 K 8204 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Netherlands B.V.
ismagent.exe 0.21 19,444 K 34,184 K 10508 Intel Services Manager Intel Corporation (Verified) Intel® Services Manager
csrss.exe 0.54 2,284 K 5,292 K 780
software_reporter_tool.exe 0.83 3,844 K 4,456 K 6800 Software Reporter Tool Google (Verified) Google Inc
Interrupts 0.89 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.84 188 K 796 K 4
svchost.exe 1.64 58,612 K 67,592 K 1916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dwm.exe 2.96 29,764 K 49,864 K 1132
procexp64.exe 5.62 28,908 K 61,332 K 9800 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
software_reporter_tool.exe 26.30 14,400 K 18,132 K 8132 Software Reporter Tool Google (Verified) Google Inc
System Idle Process 75.94 52 K 8 K 0
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        84 N/A                                         
smss.exe                       452 N/A                                         
csrss.exe                      688 N/A                                         
wininit.exe                    768 N/A                                         
csrss.exe                      780 N/A                                         
services.exe                   844 N/A                                         
winlogon.exe                   872 N/A                                         
lsass.exe                      888 KeyIso, SamSs, VaultSvc                     
fontdrvhost.exe                992 N/A                                         
fontdrvhost.exe                996 N/A                                         
svchost.exe                    432 PlugPlay                                    
svchost.exe                    644 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
svchost.exe                    832 RpcEptMapper, RpcSs                         
svchost.exe                   1048 LSM                                         
dwm.exe                       1132 N/A                                         
svchost.exe                   1240 BFE, CoreMessagingRegistrar, mpssvc         
svchost.exe                   1296 TimeBrokerSvc                               
svchost.exe                   1324 NcbService                                  
svchost.exe                   1340 Schedule                                    
svchost.exe                   1428 ProfSvc                                     
svchost.exe                   1464 hidserv                                     
svchost.exe                   1476 EventLog                                    
svchost.exe                   1588 UserManager                                 
svchost.exe                   1612 nsi                                         
svchost.exe                   1688 Dhcp                                        
svchost.exe                   1700 camsvc                                      
svchost.exe                   1848 NlaSvc                                      
svchost.exe                   1904 EventSystem                                 
svchost.exe                   1916 SysMain                                     
svchost.exe                   1924 Themes                                      
Memory Compression            1992 N/A                                         
svchost.exe                   2020 SENS                                        
svchost.exe                    972 AudioEndpointBuilder                        
svchost.exe                   1044 FontCache                                   
svchost.exe                   1536 netprofm                                    
svchost.exe                   2124 Audiosrv                                    
svchost.exe                   2196 Dnscache                                    
svchost.exe                   2204 DusmSvc                                     
svchost.exe                   2216 Wcmsvc                                      
svchost.exe                   2288 StateRepository                             
svchost.exe                   2364 WinHttpAutoProxySvc                         
svchost.exe                   2444 WlanSvc                                     
AVGSvc.exe                    2496 AVG Antivirus                               
GFNEXSrv.exe                  2504 GFNEXSrv                                    
svchost.exe                   2528 ShellHWDetection                            
svchost.exe                   2704 Winmgmt                                     
spoolsv.exe                   2832 Spooler                                     
svchost.exe                   2908 LanmanWorkstation                           
WmiPrvSE.exe                  2968 N/A                                         
armsvc.exe                    2916 AdobeARMservice                             
AppleMobileDeviceService.     3076 Apple Mobile Device Service                 
svchost.exe                   3100 AppHostSvc                                  
svchost.exe                   3108 CryptSvc                                    
svchost.exe                   3116 DiagTrack                                   
svchost.exe                   3124 DeviceAssociationService                    
svchost.exe                   3144 FDResPub                                    
svchost.exe                   3156 DPS                                         
HeciServer.exe                3176 Intel® Capability Licensing Service Interf
                                   ace                                         
IntelMeFWService.exe          3184 Intel® ME Service                         
svchost.exe                   3236 iphlpsvc                                    
Jhi_service.exe               3292 jhi_service                                 
MBAMService.exe               3328 MBAMService                                 
svchost.exe                   3380 LanmanServer                                
SMSvcHost.exe                 3396 NetTcpPortSharing                           
svchost.exe                   3440 SstpSvc                                     
SecurityHealthService.exe     3484 SecurityHealthService                       
svchost.exe                   3504 stisvc                                      
SynTPEnhService.exe           3512 SynTPEnhService                             
unsecapp.exe                  3528 N/A                                         
TemproSvc.exe                 3604 TemproMonitoringService                     
TODDSrv.exe                   3612 TODDSrv                                     
TosCoSrv.exe                  3636 TosCoSrv                                    
TecoService.exe               3696 TOSHIBA eco Utility Service                 
svchost.exe                   3708 TrkWks                                      
svchost.exe                   3760 WpnService                                  
mqsvc.exe                     3900 MSMQ                                        
WmiPrvSE.exe                  4160 N/A                                         
svchost.exe                   4276 RasMan                                      
svchost.exe                   4332 WdiServiceHost                              
dasHost.exe                   4436 N/A                                         
svchost.exe                   4828 SSDPSRV                                     
svchost.exe                   3888 lmhosts                                     
svchost.exe                   5340 Appinfo                                     
svchost.exe                   5352 PolicyAgent                                 
svchost.exe                   5984 NcdAutoSetup                                
svchost.exe                   1680 wscsvc                                      
svchost.exe                   6328 Netman                                      
aswidsagenta.exe              6584 avgbIDSAgent                                
svchost.exe                   7044 BITS                                        
AVGBrowserCrashHandler.ex     7056 N/A                                         
AVGBrowserCrashHandler64.     7152 N/A                                         
svchost.exe                    288 CDPSvc                                      
svchost.exe                   1440 DoSvc                                       
LMS.exe                       2920 LMS                                         
svchost.exe                   3088 StorSvc                                     
NASvc.exe                     6708 NAUpdate                                    
SgrmBroker.exe                6740 SgrmBroker                                  
svchost.exe                   6924 UsoSvc                                      
SearchIndexer.exe             4852 WSearch                                     
UNS.exe                       1092 UNS                                         
mbamtray.exe                  5836 N/A                                         
sihost.exe                    5060 N/A                                         
svchost.exe                   6100 CDPUserSvc_114f52                           
svchost.exe                    600 WpnUserService_114f52                       
taskhostw.exe                 6768 N/A                                         
svchost.exe                   5520 TabletInputService                          
SynTPEnh.exe                  6952 N/A                                         
ctfmon.exe                    2160 N/A                                         
explorer.exe                  6300 N/A                                         
SynTPHelper.exe               1860 N/A                                         
svchost.exe                   3644 PcaSvc                                      
svchost.exe                   7336 TokenBroker                                 
dllhost.exe                   7468 N/A                                         
ShellExperienceHost.exe       7996 N/A                                         
SearchUI.exe                  7828 N/A                                         
RuntimeBroker.exe             8240 N/A                                         
RuntimeBroker.exe             8452 N/A                                         
SettingSyncHost.exe           8604 N/A                                         
MSASCuiL.exe                  9120 N/A                                         
AVGUI.exe                     8204 N/A                                         
svchost.exe                   8576 WdiSystemHost                               
svchost.exe                   5736 LicenseManager                              
OfficeHubTaskHost.exe         9048 N/A                                         
SkypeHost.exe                 8908 N/A                                         
Video.UI.exe                  6760 N/A                                         
RuntimeBroker.exe             8200 N/A                                         
svchost.exe                   4256 lfsvc                                       
chrome.exe                    9332 N/A                                         
chrome.exe                    9352 N/A                                         
chrome.exe                    9392 N/A                                         
chrome.exe                    9500 N/A                                         
chrome.exe                    9620 N/A                                         
RuntimeBroker.exe            10152 N/A                                         
chrome.exe                   10200 N/A                                         
RuntimeBroker.exe              788 N/A                                         
svchost.exe                   5700 OneSyncSvc_114f52,                          
                                   PimIndexMaintenanceSvc_114f52,              
                                   UnistoreSvc_114f52, UserDataSvc_114f52      
svchost.exe                   7128 SEMgrSvc                                    
RuntimeBroker.exe             9656 N/A                                         
chrome.exe                    8652 N/A                                         
chrome.exe                    8548 N/A                                         
chrome.exe                    5612 N/A                                         
svchost.exe                  10132 gpsvc                                       
smartscreen.exe               7380 N/A                                         
chrome.exe                    1220 N/A                                         
chrome.exe                    7512 N/A                                         
procexp.exe                   9308 N/A                                         
procexp64.exe                 9800 N/A                                         
WmiPrvSE.exe                  2424 N/A                                         
Bootstrap.exe                10468 N/A                                         
ismagent.exe                 10508 N/A                                         
updateui.exe                 10948 N/A                                         
svchost.exe                   6736 NgcCtnrSvc                                  
dllhost.exe                  10252 N/A                                         
audiodg.exe                   8740 N/A                                         
dllhost.exe                   5564 N/A                                         
dllhost.exe                   7748 N/A                                         
cmd.exe                       7024 N/A                                         
conhost.exe                   5644 N/A                                         
tasklist.exe                  5028 N/A                                         
 
 



  • 0

#4
RKinner

    Malware Expert

Looking at your Speccy log I see the hard drive is on its last legs:

 

05
    Attribute name    Reallocated Sectors Count
    Real value    5,224
    Current    100
    Worst    100
    Raw Value    0000001468
    Status    Good

...

C4
    Attribute name    Reallocation Event Count
    Real value    282
    Current    100
    Worst    100
    Raw Value    000000011A
    Status    Good
C5
    Attribute name    Current Pending Sector Count
    Real value    4,768
    Current    100
    Worst    100
    Raw Value    00000012A0
    Status    Good

 

Even though it claims these values are good, they definitely are not.  Hard drives typically have only about 200 spare sectors that can be used to replace bad sectors.  You need 5000!

If you look at the FRST log you will see:

 

 

2018-08-12 16:22 - 2018-08-12 16:22 - 000000000 __SHD C:\found.001

 

 

                           

Found.00x folders are created by the disk check process when it finds and recovers files on bad sectors, so odds are the very long boot process was caused by the disk check.

 

You should get a new hard drive ASAP and clone the old drive:

Short term, back up everything you don't want to lose, then buy a new drive, preferably a Western Digital Black (they really do seem to be better and last longer).
Amazon has one that will work and give you some extra space and a boost in speed for about $67:
WD Black 1TB Performance Mobile Hard Disk Drive - 7200 RPM SATA 6 Gb/s 32MB Cache 9.5 MM 2.5 Inch - WD10JPLX
by Western Digital

(You can use any SATA III, 2.5 Inch drive, 500 GB or larger -  Western Digital Blues are cheaper and decent.  Just avoid Seagate.  They don't last)


and a USB to SATA adapter

Amazon has lots.  Here is one for $12

StarTech USB 3.0 to 2.5" SATA III Hard Drive Adapter Cable w/ UASP - SATA to USB 3.0 Converter for SSD/HDD - Hard Drive Adapter Cable

and clone the drive.  You can use the program from your new hard drive or you can use one of the free ones:

http://www.techrepub...-cloning-tools/

I've had good luck with Macrium Reflect Free Edition

Some of them require you to boot from a CD or USB drive (it's faster that way, but others like Macrium Reflect Free Edition can clone from within Windows).

You plug the new drive into the USB adapter and the adapter into your PC's USB jack.  Run the cloning software.  (Make sure you know the source drive is the old drive and the destination is the new.)

Once the cloning software finishes you shut it down, use a small Phillips screwdriver to remove the 2 screws that hold the cover on the drive, remove the screws (may be 2 more screws).  Often the drive is in a carrier so you need to remove 4 more screws.  Keep the screws separate since they may be different sizes.  Remove the old drive, install the new.  Boot up and run Speccy to make sure that the new drive is clean.



 

I put the following together before I saw the bad hard drive in Speccy:

 

 

You can run the disk check manually:

 

https://www.tekrevue...dsk-windows-10/

 

Since sectors have been lost I would also run DISM and SFC:

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

 

Search for

programs and features

hit Enter.  (This is the same as Control Panel, (View By: Large Icons), Programs and Features)

Now click on

Turn Windows Features On or Off

Uncheck:

Internet Information Services

Internet Information Services Hostable Webcore

OK

Close Programs and Features window.

Reboot

Now search for

services.msc

hit Enter

 

 

This will bring up the services window.

 

Verify that the following services are either not present or are set to disabled:

 

 
NetTcpActivator (I think the full name for these has a dot after the Net and may have spaces between the words)

NetMsmqActivator

NetPipeActivator

W3SVC  (World Wide Web Publishing Service (W3SVC))

WAS (Windows Process Activation Service (WAS) )

 

If any are present and are not set to Disabled, right click on each and select Properties then change the Startup Type: to Disabled.  Then OK

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   14.27KB   6 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Run Process Explorer again and post its log

 

 

 

 


  • 0
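The reasoning in the post above (raw SMART counters versus the "Good" status, and the found.00x folder in the FRST log), written out as an added Python example; it is not part of the original thread, nor code from Speccy or FRST. The function names are illustrative, the `spare_estimate` default of 200 is the rough figure given in the post rather than a vendor specification, and the second FRST line is constructed.

```python
import re
from dataclasses import dataclass

# Copied from the Speccy excerpt quoted in the post above.
SPECCY_SAMPLE = r"""
05
    Attribute name    Reallocated Sectors Count
    Real value    5,224
    Current    100
    Worst    100
    Raw Value    0000001468
    Status    Good
C4
    Attribute name    Reallocation Event Count
    Real value    282
    Current    100
    Worst    100
    Raw Value    000000011A
    Status    Good
C5
    Attribute name    Current Pending Sector Count
    Real value    4,768
    Current    100
    Worst    100
    Raw Value    00000012A0
    Status    Good
"""

# First line is from the FRST log quoted above; the second line is constructed.
FRST_SAMPLE = r"""
2018-08-12 16:22 - 2018-08-12 16:22 - 000000000 __SHD C:\found.001
2018-08-12 16:30 - 2018-08-12 16:30 - 000000000 ____D C:\ExampleFolder
"""

COUNT_ATTRIBUTES = {"05", "C4", "C5"}  # raw value is a plain sector/event count
FIELDS = ("Attribute name", "Real value", "Current", "Worst", "Raw Value", "Status")
STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
FRST_ENTRY = re.compile(rf"^({STAMP}) - {STAMP} - \d+ \S+ (.+)$")
CHKDSK_DIR = re.compile(r"^[A-Za-z]:\\found\.\d{3}$", re.IGNORECASE)


@dataclass
class SmartAttribute:
    attr_id: str
    name: str = ""
    real_value: "int | None" = None  # decimal figure as printed, if numeric
    raw: int = 0
    status: str = ""


def parse_speccy_smart(text):
    """Parse blocks made of a two-hex-digit ID line followed by 'Field  value' lines."""
    attrs = []
    for line in text.splitlines():
        s = line.strip()
        if re.fullmatch(r"[0-9A-Fa-f]{2}", s):
            attrs.append(SmartAttribute(attr_id=s.upper()))
            continue
        field = next((f for f in FIELDS if s.startswith(f)), None)
        if field is None or not attrs:
            continue
        value, cur = s[len(field):].strip(), attrs[-1]
        if field == "Attribute name":
            cur.name = value
        elif field == "Real value":
            digits = value.replace(",", "")
            cur.real_value = int(digits) if digits.isdigit() else None
        elif field == "Raw Value" and re.fullmatch(r"[0-9A-Fa-f]+", value):
            cur.raw = int(value, 16)  # the excerpt shows the raw counter in hex
        elif field == "Status":
            cur.status = value
    return attrs


def assess(attrs, spare_estimate=200):
    """Flag count attributes with a non-zero raw value, whatever Status says."""
    # SMART health status is normally derived from the normalised Current/Worst
    # scores, so it can read "Good" while the raw counters are already large.
    findings = []
    for a in attrs:
        if a.attr_id not in COUNT_ATTRIBUTES or a.raw == 0:
            continue
        findings.append({
            "id": a.attr_id, "name": a.name, "raw": a.raw,
            "severity": "critical" if a.raw > spare_estimate else "warning",
            "masked_by_status": a.status.lower() == "good",
            "raw_matches_real": a.real_value == a.raw,
        })
    return findings


def chkdsk_recovery_dirs(frst_text):
    """Return (first timestamp, path) for FRST entries that are found.NNN folders."""
    matches = (FRST_ENTRY.match(line.strip()) for line in frst_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m and CHKDSK_DIR.match(m.group(2))]


if __name__ == "__main__":
    print(assess(parse_speccy_smart(SPECCY_SAMPLE)), chkdsk_recovery_dirs(FRST_SAMPLE))
```

All three attributes come back as critical with `masked_by_status` set, which is the mismatch the post points out between the "Good" column and the raw counts.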

#5
Jan1959

    Member

  • Topic Starter

Thank you, I assumed that it was a virus as the PC was fine until a little while ago. Is it worth doing your suggestions before purchasing a new hard drive?


  • 0

#6
RKinner

    Malware Expert

Back up anything you don't want to lose (pictures, documents, music, videos) first.  The drive could fail at any time.  You might want to download a new copy of Win 10 and put it on a USB drive just in case:

https://www.lifewire...dows-10-2626215

 

Then you can do the things I suggested while you wait for the new drive to arrive.


  • 0

#7
Jan1959

    Member

  • Topic Starter

Thank you very much for all your help and advice.

Again, apologies for posting on the malware site. I didn't know that PCs could actually wear out.

 

I will do as you have suggested.


  • 0

#8
RKinner

    Malware Expert

No problem posting in the malware forum.  It's our job to decide what is wrong, not yours.  It's actually the best place to post since we are allowed to run scans in this forum (like FRST) that we aren't allowed to run in the others.  If you need help with the cloning feel free to post a Reply here.  I don't close topics.

 

Hard drives are moving parts so they eventually wear out.  (They also don't like being dropped or moved while running.)  Other moving parts are the cooling fan and the CD/DVD player.  These don't often fail but it happens.  Another thing which shortens the life of a PC is overheating.  This is usually caused by dust buildup between the fan and the heatsink but it can be caused by something as simple as running a laptop on a soft surface like a bed.  This blocks the air intakes on the bottom of the unit.  Overheating will slow down a PC (the CPU knows when it is getting hot and will run slower to protect itself) and can cause component failure.  It can also dry out the thermal paste (between the CPU and the heatpipe/sink) leading to a permanent overheat condition.  Batteries also have limited lives.  In addition to the main battery on a laptop, most PCs have a small battery to power the clock & CMOS when the unit is not on.  These also wear out after several years and need to be replaced.  Connectors (especially those used a lot like the power jack) will eventually wear out from metal fatigue or corrosion.  Same goes for keyboards.  The screen on older laptops can fail when the backlight bulbs die or the high voltage dc/dc converter quits working.  So PCs - especially laptops - do not last forever.


  • 0





