
Thread: Hard Disc space is reducing mysteriously

  1. #1
    Junior Member
    Join Date: Jul 2015
    Posts: 17

    Spybot Version: 2.4 Home Edition
    Windows Version: Windows Vista 32-bit

    I am constantly losing disk space without logical reason. No one else uses the computer.
    For weeks I have had to regularly use Microsoft "Disc Cleanup" but then the process re-starts and I lose about 10 Gb per day.

    I use Disc Cleanup's option of removing everything prior to the last restore point. Twice a week I create a new restore point and then do a cleanup.
    I think I have a virus as my downloads off the internet rarely reach 2 GB per month.

    I have used Windows (Vista) Explorer "Advanced Search" looking for large files and/or files new or modified since a recent date (Including system files) but can see nothing suspicious.

    It seems to happen when the system sleeps or when the screen saver is in use. The system comes out of "Sleep" by itself so when I open the laptop the screen saver is already running and I don't have to "wake" the system up.

    Your help would be greatly appreciated.


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-08-2015
    Ran by Peter (administrator) on SUPER-PC (20-08-2015 16:59:01)
    Running from C:\Users\Peter\Downloads
    Loaded Profiles: Peter (Available Profiles: Peter)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    () C:\Windows\tsnp2std.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Sonix) C:\Windows\vsnp2std.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Farbar) C:\Users\Peter\Downloads\FRST (1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
    HKU\S-1-5-18\...\Run: [Google Update] => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
    HKU\S-1-5-18\...\Run: [Google Photos Backup] => C:\Windows\System32\config\systemprofile\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-11] (Google, Inc)
    Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-08-23]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-1647386704-1107108042-2413953793-1000] => localhost:21320
    HKU\PE_C_PETER_2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.comsec.com.au/
    HKU\PE_C_PETER_2\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
    HKU\PE_C_PETER_2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bom.gov.au/products/IDR664.loop.shtml
    hxxp://www.google.com/finance
    HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.comsec.com.au/
    HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bom.gov.au/products/IDR664.loop.shtml
    hxxp://www.google.com/finance
    HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
    HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\PE_C_PETER_2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1647386704-1107108042-2413953793-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
    Toolbar: HKLM - Download - {777D0B4C-75C9-4874-ABFF-80B4BE8DC532} - C:\Program Files\Diodia Software\Download Toolbar\DTB.dll [2007-05-20] (Diodia Software)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{DEC06BFB-DF1D-45F3-A77A-FD481DD00E24}: [DhcpNameServer] 211.29.132.12 198.142.0.51
    Tcpip\..\Interfaces\{E2EEDAEA-5C4D-43DF-8DE1-69AB544994FF}: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
    FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.)
    FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-02]
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-04]
    FF HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
    CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
    CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
    CHR Extension: (Google Cast) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-08-02]
    CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-08-02]
    CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
    CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-07-29]
    CHR Extension: (Film Homepage) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hldclendgimaebbgkojkkhapdpgdcing [2015-04-26]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-02-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-26]
    CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R5 ACPI; C:\Windows\System32\drivers\acpi.sys [265688 2009-04-10] (Microsoft Corporation)
    R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [580992 2006-07-31] (Omnivision Technologies, Inc.) [File not signed]
    R5 atapi; C:\Windows\System32\drivers\atapi.sys [19944 2009-04-10] (Microsoft Corporation)
    R5 CLFS; C:\Windows\System32\CLFS.sys [244152 2015-03-05] (Microsoft Corporation)
    R5 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [20792 2008-01-18] (Microsoft Corporation)
    R5 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [22632 2006-11-02] (Microsoft Corporation)
    R5 disk; C:\Windows\System32\drivers\disk.sys [53736 2009-04-10] (Microsoft Corporation)
    R5 Ecache; C:\Windows\System32\drivers\ecache.sys [140224 2015-07-22] (Microsoft Corporation)
    R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58936 2008-01-18] (Microsoft Corporation)
    R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Microsoft Corporation)
    R5 intelide; C:\Windows\System32\drivers\intelide.sys [17976 2008-01-18] (Microsoft Corporation)
    R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [440768 2015-06-12] (Microsoft Corporation)
    R5 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [56256 2015-07-22] (Microsoft Corporation)
    R5 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
    R5 msahci; C:\Windows\System32\drivers\msahci.sys [27112 2009-04-10] (Microsoft Corporation)
    R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [16440 2008-01-18] (Microsoft Corporation)
    R5 Mup; C:\Windows\System32\Drivers\mup.sys [48104 2009-04-10] (Microsoft Corporation)
    R5 NDIS; C:\Windows\System32\drivers\ndis.sys [527848 2009-04-10] (Microsoft Corporation)
    R5 O2MDRDR; C:\Windows\System32\DRIVERS\o2media.sys [34176 2005-11-14] (O2Micro )
    R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [53120 2012-03-21] (Microsoft Corporation)
    R5 pci; C:\Windows\System32\drivers\pci.sys [149480 2009-04-10] (Microsoft Corporation)
    R5 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [177640 2009-04-10] (Microsoft Corporation)
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12212736 2007-08-21] ()
    R5 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-18] (Microsoft Corporation)
    R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [905664 2014-04-05] (Microsoft Corporation)
    S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [43040 2010-04-10] (Realtek Corporation)
    R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-18] (Microsoft Corporation)
    R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [292840 2009-04-10] (Microsoft Corporation)
    R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [224640 2012-08-21] (Microsoft Corporation)
    R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-27] (Microsoft Corporation)
    S4 blbdrive; no ImagePath
    S3 IpInIp; no ImagePath
    S1 MpKsl75b4858b; no ImagePath
    S3 NTIOLib_1_0_4; no ImagePath
    S3 NwlnkFlt; no ImagePath
    S3 NwlnkFwd; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-20 16:56 - 2015-08-20 16:56 - 01677312 _____ (Farbar) C:\Users\Peter\Downloads\FRST (1).exe
    2015-08-20 16:48 - 2015-08-20 16:48 - 01997137 _____ C:\Users\Peter\Downloads\tweaking.com_registry_backup_portable (1).zip
    2015-08-19 19:45 - 2015-08-19 19:49 - 00001117 _____ C:\Users\Peter\Desktop\Windows Error Reporting -.lnk
    2015-08-15 20:02 - 2015-08-15 20:02 - 00000000 ___DC C:\81febf40c361d2a78cf1
    2015-08-14 10:17 - 2015-08-14 10:17 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-08-14 10:17 - 2015-08-14 10:17 - 00000000 ___RD C:\Program Files\Skype
    2015-08-14 10:17 - 2015-08-14 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-08-14 10:17 - 2015-08-14 10:17 - 00000000 ____D C:\Program Files\Common Files\Skype
    2015-08-13 17:57 - 2015-08-18 16:28 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2015-08-13 17:07 - 2015-08-13 17:07 - 00000000 ___DC C:\6e9d546ed783cf8d4c9285af2bd313
    2015-08-13 17:00 - 2015-08-20 17:00 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
    2015-08-13 17:00 - 2015-08-13 17:00 - 00000000 ____D C:\Users\Peter\AppData\Local\Skype
    2015-08-13 16:55 - 2015-08-14 10:18 - 00000000 ____D C:\ProgramData\Skype
    2015-08-12 14:25 - 2015-07-22 06:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-08-12 14:25 - 2015-07-22 02:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-08-12 14:25 - 2015-07-22 02:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-08-12 14:25 - 2015-07-22 02:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
    2015-08-12 14:25 - 2015-07-22 02:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-08-12 14:25 - 2015-07-22 02:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
    2015-08-12 14:25 - 2015-07-22 02:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-08-12 14:25 - 2015-07-22 02:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-08-12 14:22 - 2015-08-01 05:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-08-12 14:22 - 2015-07-10 00:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2015-08-12 14:21 - 2015-07-11 05:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-08-12 14:18 - 2015-07-12 01:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-08-12 13:07 - 2015-07-19 02:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2015-08-12 13:05 - 2015-07-11 05:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-08-12 13:05 - 2015-07-11 05:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-08-12 13:04 - 2015-08-01 08:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-08-12 13:04 - 2015-08-01 07:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-08-12 13:04 - 2015-08-01 07:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-08-12 13:04 - 2015-08-01 07:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-08-12 13:04 - 2015-08-01 07:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-08-12 13:04 - 2015-08-01 06:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-08-12 13:04 - 2015-08-01 06:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-08-12 13:04 - 2015-08-01 06:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-08-12 13:04 - 2015-08-01 06:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-08-12 13:04 - 2015-08-01 06:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-08-12 13:04 - 2015-08-01 06:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-08-12 13:04 - 2015-08-01 06:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-08-12 13:02 - 2015-07-02 01:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-08-12 13:01 - 2015-07-23 06:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-08-12 13:01 - 2015-07-23 06:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-08-12 13:01 - 2015-07-23 06:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-08-12 13:01 - 2015-07-23 06:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-08-12 13:01 - 2015-07-23 06:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-08-12 13:01 - 2015-07-23 06:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-08-12 13:01 - 2015-07-23 06:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-08-12 13:01 - 2015-07-23 06:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-08-12 13:01 - 2015-07-23 06:44 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-08-12 13:01 - 2015-07-23 06:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-08-12 13:01 - 2015-07-23 06:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-08-12 13:01 - 2015-07-23 06:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-08-12 13:01 - 2015-07-23 06:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-08-12 13:01 - 2015-07-23 06:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-08-12 13:01 - 2015-07-23 06:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-08-12 13:01 - 2015-07-23 06:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-08-12 13:01 - 2015-07-23 06:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-08-12 13:01 - 2015-07-23 06:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-08-12 13:01 - 2015-07-23 06:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-08-12 13:01 - 2015-07-23 06:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-08-12 13:01 - 2015-07-23 06:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-08-12 13:01 - 2015-07-10 00:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2015-08-12 13:01 - 2015-07-10 00:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2015-08-12 13:00 - 2015-07-23 06:54 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-08-11 11:08 - 2015-08-11 11:08 - 00013916 _____ C:\Users\Peter\Downloads\CSVData (1).csv
    2015-08-11 11:03 - 2015-08-11 11:03 - 00001813 _____ C:\Users\Peter\Downloads\CSVData.csv
    2015-08-06 11:20 - 2015-08-06 11:20 - 00000000 ____D C:\Windows\pss
    2015-08-06 11:14 - 2015-08-20 16:44 - 00000266 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job
    2015-08-06 11:14 - 2015-08-18 16:30 - 00000266 _____ C:\Windows\Tasks\PC-Mechanic Subscription.job
    2015-08-06 11:13 - 2015-08-06 11:13 - 00001016 _____ C:\Users\Public\Desktop\PC Mechanic.lnk
    2015-08-06 11:13 - 2015-08-06 11:13 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Uniblue
    2015-08-06 11:13 - 2015-08-06 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    2015-08-06 11:13 - 2015-08-06 11:13 - 00000000 ____D C:\Program Files\Uniblue
    2015-07-30 12:46 - 2015-07-30 12:46 - 05198336 _____ (AVAST Software) C:\Users\Peter\Downloads\aswMBR.exe
    2015-07-30 12:27 - 2015-07-30 12:27 - 01187736 _____ (Uniblue Systems Limited ) C:\Users\Peter\Downloads\pcmechanicpm.exe
    2015-07-29 20:41 - 2015-07-29 20:42 - 00042067 _____ C:\Users\Peter\Downloads\Addition.txt
    2015-07-29 20:39 - 2015-08-20 16:59 - 00018561 _____ C:\Users\Peter\Downloads\FRST.txt
    2015-07-29 20:38 - 2015-08-20 16:59 - 00000000 ___DC C:\FRST
    2015-07-29 20:37 - 2015-07-29 20:37 - 01673728 _____ (Farbar) C:\Users\Peter\Downloads\FRST.exe
    2015-07-29 20:34 - 2015-07-29 20:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SUPER-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
    2015-07-29 20:33 - 2015-07-29 20:33 - 00000000 ___DC C:\RegBackup
    2015-07-29 20:32 - 2015-07-29 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-07-29 20:32 - 2015-07-29 20:32 - 00000000 ____D C:\Program Files\Tweaking.com
    2015-07-29 20:29 - 2015-07-29 20:29 - 04720448 _____ C:\Users\Peter\Downloads\tweaking.com_registry_backup_setup.exe
    2015-07-29 10:44 - 2015-07-29 10:44 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-07-29 10:44 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-20 16:41 - 2013-08-08 16:59 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-20 16:31 - 2014-02-08 14:26 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
    2015-08-20 16:08 - 2013-08-04 08:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-08-20 15:59 - 2006-11-02 22:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-08-20 15:59 - 2006-11-02 22:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-08-20 15:35 - 2013-08-08 17:00 - 00002029 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-08-20 15:00 - 2014-03-27 09:45 - 00000714 _____ C:\Windows\Tasks\Scan most recently used file in the background (Spybot - Search & Destroy).job
    2015-08-20 14:31 - 2014-02-08 14:26 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
    2015-08-20 10:16 - 2006-11-02 22:52 - 01521895 _____ C:\Windows\WindowsUpdate.log
    2015-08-20 10:00 - 2014-02-28 11:49 - 00000294 _____ C:\Windows\Tasks\AVSRegistryCleaner.job
    2015-08-19 15:03 - 2013-08-12 16:37 - 00000125 _____ C:\Windows\SwDrvs.ini
    2015-08-19 14:20 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\tracing
    2015-08-19 14:09 - 2013-08-12 16:37 - 00000244 _____ C:\Windows\MYOBP.INI
    2015-08-19 14:09 - 2013-08-12 16:37 - 00000039 _____ C:\Windows\MYOB.INI
    2015-08-19 10:00 - 2013-08-04 08:20 - 00000618 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2015-08-18 16:27 - 2013-08-02 14:56 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-08-18 16:27 - 2006-11-02 23:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-08-18 08:47 - 2006-11-02 23:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-08-17 13:13 - 2013-08-04 10:58 - 00038433 _____ C:\Users\Peter\AppData\Roaming\Comma Separated Values (Windows).ADR
    2015-08-12 15:04 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2015-08-12 14:56 - 2006-11-02 22:47 - 02206256 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-08-12 14:52 - 2014-03-27 11:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-08-12 14:51 - 2006-11-02 22:37 - 00000000 ____D C:\Windows\system32\XPSViewer
    2015-08-12 14:26 - 2013-08-03 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-08-12 14:25 - 2014-03-27 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-08-12 13:17 - 2013-08-02 17:13 - 00000000 ____D C:\Windows\system32\MRT
    2015-08-12 13:09 - 2006-11-02 20:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-08-12 13:08 - 2013-08-04 08:25 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-08-12 13:08 - 2013-08-04 08:25 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-08-07 13:27 - 2013-08-04 08:19 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2015-08-06 13:23 - 2013-08-04 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11
    2015-08-01 11:16 - 2013-08-04 08:20 - 00000448 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2015-07-29 20:03 - 2013-08-08 16:59 - 00000000 ____D C:\Users\Peter\AppData\Local\Google
    2015-07-29 10:43 - 2014-08-30 09:58 - 00062360 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
    2015-07-28 22:11 - 2015-06-23 15:07 - 00000000 ____D C:\Program Files\TeamViewer
    2015-07-23 13:40 - 2013-08-04 12:42 - 00023552 _____ C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-07-22 00:30 - 2006-11-02 20:23 - 00450690 ____R C:\Windows\system32\Drivers\etc\hosts.20150819-100032.backup

    ==================== Files in the root of some directories =======

    2013-08-04 10:58 - 2015-08-17 13:13 - 0038433 _____ () C:\Users\Peter\AppData\Roaming\Comma Separated Values (Windows).ADR
    2014-04-27 14:39 - 2014-08-10 15:18 - 0009323 _____ () C:\Users\Peter\AppData\Roaming\Comma Separated Values (Windows).EML
    2014-07-13 17:33 - 2014-07-13 17:33 - 0038422 _____ () C:\Users\Peter\AppData\Roaming\Microsoft Excel.ADR
    2015-01-07 11:44 - 2015-01-07 11:44 - 0026876 _____ () C:\Users\Peter\AppData\Roaming\UserTile.png
    2013-08-02 14:50 - 2013-08-02 15:29 - 0000680 _____ () C:\Users\Peter\AppData\Local\d3d9caps.dat
    2013-08-04 12:42 - 2015-07-23 13:40 - 0023552 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-12 15:13 - 2015-04-12 15:13 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-05-02 15:37 - 2014-05-02 15:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-08-04 14:14 - 2013-08-04 14:27 - 0000771 _____ () C:\ProgramData\hpzinstall.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-08-18 16:34

    ==================== End of log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-08-20 17:30:08
    -----------------------------
    17:30:08.229 OS Version: Windows 6.0.6002 Service Pack 2
    17:30:08.229 Number of processors: 2 586 0xF0D
    17:30:08.231 ComputerName: SUPER-PC UserName: Peter
    17:30:11.997 Initialize success
    17:30:12.210 VM: initialized successfully
    17:30:12.212 VM: Intel CPU virtualization not supported
    17:35:29.625 AVAST engine defs: 15081901
    17:35:44.958 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"


    17:35:58.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    17:35:58.735 Disk 0 Vendor: TOSHIBA_MK1646GSX LB113J Size: 152627MB BusType: 3
    17:35:58.954 Disk 0 MBR read successfully
    17:35:58.958 Disk 0 MBR scan
    17:35:59.140 Disk 0 Windows VISTA default MBR code
    17:35:59.162 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1000 MB offset 2048
    17:35:59.236 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151625 MB offset 2050048
    17:35:59.277 Disk 0 scanning sectors +312578048
    17:35:59.850 Disk 0 scanning C:\Windows\system32\drivers
    17:36:42.896 Service scanning
    17:37:23.867 Service MpKsl716c12e2 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C31F754D-891C-440D-902A-2DCA82F7A699}\MpKsl716c12e2.sys **LOCKED** 32
    17:38:05.829 Modules scanning
    17:38:05.838 Disk 0 trace - called modules:
    17:38:05.858 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
    17:38:05.867 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864f8ac8]
    17:38:05.877 3 CLASSPNP.SYS[8ab9d8b3] -> nt!IofCallDriver -> [0x85d10898]
    17:38:05.887 5 acpi.sys[82ca66bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85d598a0]
    17:38:07.783 AVAST engine scan C:\Windows
    17:38:19.173 AVAST engine scan C:\Windows\system32
    17:46:21.650 AVAST engine scan C:\Windows\system32\drivers
    17:47:00.151 AVAST engine scan C:\Users\Peter
    17:54:36.055 AVAST engine scan C:\ProgramData
    17:57:56.434 Disk 0 statistics 2565250/0/0 @ 1.84 MB/s
    17:57:56.445 Scan finished successfully
    17:59:40.855 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
    17:59:40.945 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"
    Last edited by tashi; 2015-08-21 at 00:48. Reason: Copy pasted logs into topic
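Added example (not part of the original post and not FRST's own code): a small Python parser for the file-listing lines of the FRST log above. It ranks entries by size and by last activity, a reasonable first pass on a disk-space complaint. The function names are illustrative assumptions; the sample lines are copied from the log.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Listing-line shape seen in the FRST log above:
#   <timestamp> - <timestamp> - <size> <5 attribute flags> [(vendor)] <path>
LINE = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?(.+?)\s*$"
)
FMT = "%Y-%m-%d %H:%M"

class Entry(NamedTuple):
    latest: datetime        # later of the two timestamps on the line
    size: int               # bytes; folders are listed as 0 in this log
    attrs: str              # e.g. "____H" hidden, "____D" folder
    vendor: Optional[str]   # company name when FRST prints one
    path: str

def parse_log(text):
    """Return an Entry per listing line; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        t1, t2, size, attrs, vendor, path = m.groups()
        # The two sections of this log print the timestamps in opposite
        # order, so keep whichever is later as "last activity".
        latest = max(datetime.strptime(t1, FMT), datetime.strptime(t2, FMT))
        entries.append(Entry(latest, int(size), attrs, vendor or None, path))
    return entries

def largest(entries, n=3):
    return sorted(entries, key=lambda e: e.size, reverse=True)[:n]

def total_bytes(entries):
    return sum(e.size for e in entries)

def touched_since(entries, cutoff):
    return [e for e in entries if e.latest >= cutoff]

# Lines copied from the log above (not a complete listing).
SAMPLE = r"""
2015-08-20 10:16 - 2006-11-02 22:52 - 01521895 _____ C:\Windows\WindowsUpdate.log
2015-08-20 15:00 - 2014-03-27 09:45 - 00000714 _____ C:\Windows\Tasks\Scan most recently used file in the background (Spybot - Search & Destroy).job
2015-08-12 13:09 - 2006-11-02 20:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-07-28 22:11 - 2015-06-23 15:07 - 00000000 ____D C:\Program Files\TeamViewer
2015-07-22 00:30 - 2006-11-02 20:23 - 00450690 ____R C:\Windows\system32\Drivers\etc\hosts.20150819-100032.backup
2013-08-04 10:58 - 2015-08-17 13:13 - 0038433 _____ () C:\Users\Peter\AppData\Roaming\Comma Separated Values (Windows).ADR
==================== Bamital & volsnap =================
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE)
    print("listed bytes:", total_bytes(found))
    for e in largest(found):
        print(f"{e.size:>12}  {e.latest:%Y-%m-%d}  {e.path}")
```

Folders appear with size 0 in this listing, so growth inside a folder does not show up in the total.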

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Running from C:\Users\Peter\Downloads

    It's best we move Farbar's to desktop.

    Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do not use WordPad* or any text editor other than Notepad, or the script will fail.
    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).

    start
    CreateRestorePoint:
    CloseProcesses:
    ProxyServer: [S-1-5-21-1647386704-1107108042-2413953793-1000] => localhost:21320
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\PE_C_PETER_2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    EmptyTemp:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ~~
    please post
    Fixlog.txt
    AdwCleaner[CX].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Still need help?

  4. #4
    Junior Member
    Join Date
    Jul 2015
    Posts
    17

    Thumbs up Yes Please

    Quote Originally Posted by Juliet View Post
    Still need help?
    I have run the JRT 3 times and after about 7 hours the disc activity stops. I rechecked 2-3 hours later and no change. JRT's last print was "Checking Shortcuts" on each of the 3 attempts.

    Note: Obviously I don't watch the process continuously so I don't know when it stalled each time.

    Possibly it was my fault as I may not have properly shut down Spybot. I am reasonably confident about Windows Security as Windows Defender was definitely off.

    With Spybot I went to its System Services tab and turned off the 3 choices. When I returned to Spybot this morning I saw that the Ticks on Spybot's opening page were in fact still on.

    Since then I have searched and searched but cannot find how to temporarily shut Spybot down.

    I wrongly assumed FRST created Fixlist.txt automatically so I wasted a lot of time until I realised it was waiting for me to choose possibly bad files and paste them to a new Fixlist.txt. Quite bravely I got rid of some files this way as you will see on the fixlog.txt.

    I notice that my print screen function is not working right now.

    I often get advice from Spybot about a second user with the program. Is this report caused by part of the problem? There is only one user, me. Perhaps if there was another user they might be more experienced and keep me out of trouble.

    I really appreciate your patience with me being such a novice at this.

    New reports attached.

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Sounds like JRT hung up.

    We'll continue.

    https://www.safer-networking.org/faq...d-temporarily/
    The above link should supply instructions how to temporarily disable SpyBot.

    Download Malwarebytes' Anti-Malware TO YOUR DESKTOP


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes



  6. #6
    Junior Member
    Join Date
    Jul 2015
    Posts
    17

    Default Instructions to temporarily shutdown Spybot are out of date.

    Sorry, but the instructions did not match current Spybot.

    I used Advanced Tools - Settings - Live Protection - Mode - Advanced Controls and pressed "Deactivate Live Protection".

    Response was this message "The Live Protection System Driver could not be deactivated. You can uninstall and reboot..."

    The Start Centre page of Spybot is now showing "Live Protection: Partial".

    I will uninstall in 20 hours and proceed with Malwarebytes Anti Malware unless you say otherwise.

    Thanks

    Peter


  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    A temporary uninstall might be the best solution for right now.

  8. #8
    Junior Member
    Join Date
    Jul 2015
    Posts
    17

    Default Thanks I will do that.

    Talk again soon.
    Peter

  9. #9
    Junior Member
    Join Date
    Jul 2015
    Posts
    17

    Default Is there anything else to do?

    I have run JRT and Malwarebytes Anti Malware and their logs are attached. Nothing that I can see except they don't like P C Mechanic. I am not too impressed either but it came long after my problem started.

    JRT's run time dropped from about 7 hours to about 5 mins with Spybot uninstalled.

    Post Win10 Spybot re-installed the main program like a dream.

    Regards

    Peter

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    At this time go on and uninstall/delete P C Mechanic. (Unless you paid for this program)

    Has anything changed? Any improvements with the computer?

    What we can do now is run an online scan with Eset; for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course on how full your computer is.

    If you have an external USB device plugged in, this will be scanned too. If this is attached the scan can take considerably longer.

    Note: Since this scan may take a long time to complete, please do not browse the Internet whilst your Anti-Virus is disabled.

    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to and click .
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.
