
Totally hacked laptop- no control over it!HELP


  • This topic is locked
37 replies to this topic

#1 AngelGabriel

AngelGabriel

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 12 May 2018 - 08:42 AM

Hello,

 

My laptop has been hacked and fully controlled by someone even at the time I am posting this topic. I am unable to perform even a copy/paste function because of which I could not provide you with the FRST log files. I cannot install/uninstall programs because of 'missing privileges of this account' which is THE ONLY account on the laptop /this is a private laptop not part of any groups/, the Kaspersky live CD is not working, the online ESET scan could not download an up-to-date version, my browsing sessions are interrupted /my attempt to create an account here took forever/ because of errors that have not appeared before, my other efforts to look for software solutions to this huge problem are terminated immediately /the internet connection is interrupted and the browsers do not work at all/, the laptop starts to work on its own without any action on my part although all of the options for self starting are disabled /by a software specialist/, at times when I start the laptop I find it in a state dating back half a year ago /as if it has been restored to a previous point/ and after a couple of days it restores to its up-to-date state. I could list many more 'strange' behavior patterns in the same style for example blue screens appearing after I try to look for information about hacked PCs, the laptop being shut down for a few days and could not be started in any way with no signs of 'life' etc.

 

This is the current state after a few clean installs - I have no control over the laptop and there is obviously someone else on the other side.

 

This is my 3rd laptop that is in this fully hacked state and I am crying out for help!




 


#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:47 AM

Posted 12 May 2018 - 08:36 PM

Hello AngelGabriel,

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 AngelGabriel


Posted 13 May 2018 - 07:46 AM

Hello Ray,

 

Thank you for your voluntary work here - I do appreciate your time and expertise. 

 

Just a quick update from today - when I woke up the laptop was working AGAIN. I could not uninstall Avast because of 'missing privileges' so I disabled it permanently BUT it is still running scans. In the meantime I have Kaspersky Internet Security installed and successfully updating its databases and application modules but says that 'protection is at risk' because Adobe Flash Player PPAPI version 28.0.0.126 - 29.0.0.140 failed to download due to network error /over and over again/.

 

I tried to open the Computer Management and Disk Management to check some weird server related issues that I have previously noticed - it took way too long but in the meantime I noticed a brief message saying 'adding snap in' that disappeared in the wink of an eye.

 

Kind regards,

Blagovesta



#4 AngelGabriel


Posted 13 May 2018 - 07:53 AM

Right after I posted this I saw another brief notification saying 'Microsoft Management Console - Waiting for all snap ins to complete'



#5 RayS


Posted 14 May 2018 - 05:23 PM

Hello again AngelGabriel, and welcome to Bleeping Computer.

Please call me "Ray". Do you have a short nickname I can use? If not, may I address you as "AG"?

I will be helping you with your computer problem.

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not make any further changes to your computer (such as Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) and don't perform any actions without being advised to do so. If you are unsure, please stop and describe the current state of your PC and ask your question.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Click More Reply Options and then Preview Post before you post a reply. Be sure your message addresses all the issues I raise.
  • Any fixes I provide are for this specific problem on this machine only.

 

Preliminary Questions

  • Do you know what version of Windows you are running on the sick laptop?
  • Do you have a copy of the Windows installation media on DVD or on a thumb drive?

 

Try to send logs to me
 
You said you couldn't provide FRST logs. I think that means you did scan successfully with the FRST tool but you couldn't copy and paste the logs into a reply. Is my understanding correct? If so, please try copy and paste again (Ctrl + C followed by Ctrl + V).
 
If copy/paste still doesn't work, try to upload the logs (FRST.txt and Addition.txt) to ZippyShare and send me the link for these files. Uploading to ZippyShare does not require any copy/paste.

 

 

In your next reply...

  • Tell me whether I may address you as "AG" or by some short nickname.
  • Do you have Windows installation media?
  • Confirm whether you do have FRST logs.
  • If you do have FRST logs, tell me what Windows operating system you are using. It is listed as "Platform" on the fifth line of the FRST.txt log.
  • Copy and paste FRST.txt and Addition.txt into the body of your message or send me the ZippyShare link for these files.
  • If unable to send the logs by any means, please describe fully what symptoms you encountered during the attempt.

 

Thank you,

 

Ray




#6 AngelGabriel


Posted 14 May 2018 - 07:42 PM

Hi Ray,

 

  • Please, call me AG :).
  • No, I do not have Windows installation media - I wiped off the recovery partition the previous time I made a clean install, so it is not there anymore, but I have the product key written somewhere and if need be I could download an ISO file and reinstall Windows.
  • Platform: Windows 8.1 Pro (Update) (X64) Language English (United States) 
  • Here are the first logs from the first time I performed a scan with FRST on May 12th

http://www103.zippyshare.com/v/cKVhCTf7/file.html

http://www50.zippyshare.com/v/osG6UqOZ/file.html /this time the link appeared/

 

I cannot copy and paste - Ctrl+C and Ctrl+V do not work for this site at all /the other copy/paste options do not work as well/ so I am typing the links. I tried to add the link for the first log but it just stuck on the screen and I could not close it at all /using the touchpad or the touch screen it was totally unresponsive/.

 

-- Please, find below the logs from a scan I have just made using FRST /Version 12.05.2018 that I downloaded again (just in case..)/

http://www81.zippyshare.com/v/u2eB4q2L/file.html

http://www64.zippyshare.com/v/2XantRnK/file.html

 

There haven't been that many interruptions as usual while writing the post - it took an hour and a half!

 

Thank you so much!

AG



#7 RayS


Posted 16 May 2018 - 04:14 AM

Hi AG,

Thank you for the logs and the additional posts. I'll have a more substantive reply for you within 24 hours.

 

Thank you for your patience.

 

Ray




#8 RayS


Posted 16 May 2018 - 02:33 PM

Hi AG,

 

Uninstall antivirus products

The range of issues you report can be explained by a clash between the Avast and Kaspersky AV products. Please uninstall them both as follows:

 

Get Kaspersky uninstall tool here. Be sure to heed this note:

When you remove a product using the kavremover tool, license information is also removed. Make sure you have the license key or the activation code stored elsewhere so that you can use it again later.

 

Get the Avast uninstall tool as follows: Using the Uninstall Utility for Avast Antivirus.

 

Test the operation of your laptop but stay away from all sensitive sites while you are without AV protection. (no online banking or other activities that require a password). Please let me see the result of your testing before you reinstall Kaspersky.

 

I see other issues with your machine, but I will address them in a later post.

 

 

In your next reply...

  • Confirm complete removal of both AV products.
  • Do you still see any of the original symptoms? Look at your initial post and tell me whether each of the issues you mentioned is still occurring. Give me a detailed report.

 

Thank you,

 

Ray

Edit: Note about reinstalling Kaspersky.


Edited by RayS, 16 May 2018 - 03:52 PM.



#9 RayS


Posted 19 May 2018 - 02:49 AM

Hi AG,

  • Do you still need help with this? If not, please let me know as soon as possible. Other people are requesting my help.
  • If you will be away for an extended period, please let me know in advance.
  • If you have not replied within 48 hours I will assume you have abandoned the topic and it will be closed.

Thank you,

Ray




#10 AngelGabriel


Posted 20 May 2018 - 01:13 PM

Hi Ray,

 

I still desperately need your help. I did try to prepare a post several times but my internet connection was either terminated or limited /and this has nothing to do with the internet provider/.

 

  • As advised I uninstalled the AV products immediately following your instructions but I am sure that none of the issues I have reported has anything to do with a possible clash between them as I had managed to install the second AV program a couple of days /after a few days of unsuccessful attempts due to 'missing user privileges'/ before I created the topic here but the weird symptoms date back long before that. I needed some time to observe which of the symptoms will occur considering that I had to be extra careful when browsing so I started to use another laptop - and the symptoms transitioned to the second laptop just like it did previously.
  • I have no active  wake timers /on both of the laptops but I will focus on the one that I have reported in this topic/ but it wakes itself at different times of the day with no schedule. The clock of the laptop changes at times - 2 hours from the current time - obviously to a different time zone and when it pleases it goes back to the current local time.
  • Most of the wake sources indicated in the event logs are registered as Unknown and the time indicated is also -2 hours from the current time but other event logs related have the actual current local time indicated!!!

When I opened the Command Prompt several minutes ago and typed powercfg /lastwake

here is the result

Wake History Count -1

Wake History{0}

        Wake Source Count -0

  • In the Applications and Services Logs
    I found a Folder named Cisco/with FAST, LAEP and PEAP modules subfolders/ but I have never connected to a domain network, or installed any cisco products.
  • As explained in my previous posts for certain periods of time I could not install/uninstall programs or alter pc settings due to 'missing user account privileges' while still being the ONLY user/Administrator on this laptop. Most of the things happening are not as a result of a permanent problem - they 'come and go', they last from several hours to a couple of weeks and are replaced by other restrictions.
  • At certain periods of time I cannot download files - they are immediately deleted in the Downloads Section of the browser or I cannot open the 'Show in Folder' option and the files are not stored anywhere on this computer.
  • I also have weird experience when trying to print files from the laptop using the home printer. Especially when I am trying to do some important stuff /such as print out tax documentation/ the printer won't print due to 'spooling', or will print with different settings than the ones I apply, or in more copies than I want, or in color and not grayscale printing. In the meantime other programs won't start or will be crashing for hours and when I give up trying it will all resolve with no actions on my part!!!

The thing that is totally freaking me out is that when using the laptop it seems that I am riding on a time rewinding machine going back and forth over and over again reverting the state of the computer to some 'restore' point / a previous state dating back a few months in time/.  And of course, the snap-ins that are being installed ...

 

Thank you so much! I truly appreciate your support!

Looking forward to receiving your instructions on how to proceed.

 

Kind regards,

AG

 

 



#11 RayS


Posted 22 May 2018 - 11:44 PM

Hi AG,
 

I needed some time to observe which of the symptoms will occur considering that I had to be extra careful when browsing so I started to use another laptop - and the symptoms transitioned to the second laptop just like it did previously.
<snip>
I will focus on the one that I have reported in this topic

Good thinking to use the second laptop to confirm persistence of the symptoms. Now, let's concentrate on only one computer unless we explicitly need to use a second one.
 
I will try to address the intermittent symptoms later, but for now, I'd like to reset your router. Please follow all the steps in this article, including setting a strong password comprised of about ten letters, numerals, and punctuation symbols. Turn off the Universal Plug and Play feature in your router. Tell me the make and model of your router.
 
Then download a fresh copy of just one antivirus program and install it, allow it to update its AV signatures, then do a complete scan. Send me a copy of the scan log.
 
Finally, please visit security expert Steve Gibson's very informative website here. Take a moment to read the info on the Welcome to ShieldsUP! page. Then click Proceed.

On the next page, scroll down part way and click the File Sharing button. Here's the result I get when I do the File Sharing test on my PC (the graphics may appear slightly different in your results):




Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.








Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.








Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

Please tell me if you get any different result. Give a full description or copy/paste the results (if possible).
 
Next, click the Common Ports button. Here's the top portion of my results:




Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Again, tell me if you get any different result. Give full details.

Scroll down again and click the All Service Ports button. Here's what my PC shows below a grid that represents 1056 ports when the scan completes:




Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

If your results are different in any way, give me a full description and also hover over or click on any port cell that is not colored green and tell me what the cell reveals.

Now scroll down and click the orange GRC's Instant UPnP Exposure Test icon. Here's what my test shows:

 

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

(That's good news!)

 

If your results are different in any way, give me a full description.
 
If all Gibson's tests show that your router is secure, please tell me which of the initially reported symptoms remain.
 

In your next reply...

  • Please tell me which AV program you installed.
  • Send me the scan log from the AV program.
  • Tell me the make and model of your router.
  • Describe the configuration of your router's setup but don't divulge the network name (SSID) or the password.
  • Are you connecting to the router wirelessly or via Ethernet cable?
  • What result do you get from Gibson's File Sharing scan?
  • What result do you get from Gibson's Common Ports scan?
  • What result do you get from Gibson's All Service Ports scan?
  • What result do you get from Gibson's GRC's Instant UPnP Exposure Test scan?
  • Which of your original symptoms remain?

Thank you,
 
Ray

Edit: typo


Edited by RayS, 23 May 2018 - 12:04 AM.



#12 AngelGabriel


Posted 26 May 2018 - 10:29 AM

Hi Ray,

 

Following your instructions I proceeded with the change of the password for the router and while trying to figure out how to restore the factory settings and disable the plug and play function /which I am not sure that I managed to do/, passed the Steve Gibson's tests with flying colors, then the internet connection was terminated and I was not able to connect to the internet for some time - the message was that I could not connect to this network but I was no longer asked for a password. There were troubleshooting options and to cut a long story short - it appeared that either the airplane mode was on /but it was not/ or there were no networks available /but I could see all of the available wi-fi networks including mine/. In the meantime I downloaded the Eset Smart Security Premium and ran a scan that showed no threat at all. After some time I restored the factory settings of the router, changed the passwords and downloaded AVG Internet Security, ran a deep scan that said it was all good. After that I ran the Gibson's tests again and the results were just the same as the ones you have provided.

It took quite some time to generate the AVG report :huh: which I managed to copy/paste below for the first time and all of a sudden the bleeping computer site became unresponsive - so this took quite a while. All of this makes me unsure about the credibility of the scan results that you'll find here https://www21.zippyshare.com/v/rjcEr3eB/file.html because I just could not post it /due to its length I guess/.

 

Here are the specifications of the wifi router I have 

 

 
HUAWEI E5180s-22 LTE cube and I am connecting to it wirelessly 
 
and here are the settings
APN static
Mobile Connection: Mobile data -ON

Data roaming - Disabled

 

Network

Preferred mode- Auto

Network search - Mode Auto

WLAN module - Enabled

Security mode- WPA/WPA2-PSK     Status - ON

 

SSID Broadcast - Enabled

WLAN Advanced Settings

Country - China

Channel - Auto

AP isolation - Off

Wi-Fi bandwidth: auto

the actual location is not China !!!!

WLAN MAC Filter: Disable

DHCP

DHCP server: enabled 

DHCP IP range:100 to 200

DHCP lease time (s):86400

SIP Server

On this page, you can configure the proxy server and registration server. The local SIP port must be different from the registration server port.

Registration Server

Proxy server address: empty

Proxy server port:5060

Registration server address:empty

Registration server port: 5060

SIP server domain name:empty

Secondary server: not ticked 

 

NO SIP ACCOUNT AND NO SPEED DIAL NUMBER

Firewall Switch

From this page, you can enable or disable firewall filter functions.

The firewall protects your computers from any potential attacks from the Internet.
If the firewall is enabled, data transmission can be controlled to protect your computers from network attacks.
If the firewall is disabled, Internet access is not protected, which could leave you vulnerable to security threads.
The IP address filter and WAN port ping functions are available only after the firewall is enabled.

 

Enable firewall - V

Enable IP address filter - disabled

Disable WAN port ping - V

 

LAN IP Filter List - EMPTY

Virtual Servers List - NONE

Special Applications List - NONE

DMZ status: Disabled

SIP ALG Settings

The modem supports the SIP ALG function. The SIP application can run and communicate with other Internet applications.

V Enable SIP ALG

SIP port: 5060

 

UPnP status:Disabled

NAT Settings

Symmetric NAT is often deployed in gateways where higher security requirements exist. Cone NAT provides lower security, but it allows some applications to perform correctly and is more compatible with consumer applications, including applications on gaming devices.

Cone - selected Symmetric - available option

 

System Settings

 SNTP -ON

 

As for the other original symptoms - I have not been able to use the laptop much these days due to work and some family issues so I can not be sure which of them remain.

 

Thank you so much! Looking forward to hearing from you!

 

Have a great weekend!

AG

 



#13 RayS


Posted 29 May 2018 - 08:58 AM

Hi AG,

Thank you for the AVG report and the comprehensive listing of the router setup. The HUAWEI E5180s 22 LTE cube is a Chinese product, therefore, "China" is probably a default for the Country setting. Change it to your actual country, if possible, although I don't think it will make any difference.
 

 
It took quite some time to generate the AVG report <snip> I just could not post it /due to its length I guess/

Yes, the report contained over 183,000 lines. That will take a long time to generate and it will be too long to post here in this forum.

 

 

Overview
Let's run a script to fix some minor problems I spotted in your original FRST scans. Then get some new FRST logs.

 


Run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool will reboot your computer. 

  • Double-click on FRST64.exe to open the Farbar Recovery Scan Tool window.
  • Select the entire contents of the following code box including the Start:: and End:: directives.
  • Now press Ctrl+C to copy the contents into your clipboard.
Start::

CloseProcesses:
C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-01-15] (SlimWare Utilities, Inc.)
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
C:\Users\whatever\Desktop\.~lock.POSTNIK.doc#

End::
  •  Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt. Please post it into your reply.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.


Re-scan with Farbar Recovery Scan Tool 

  • Right-click FRST64.exe then click Run as administrator.
  • When the tool opens, click Yes to disclaimer.
  • When the tool is done updating itself, it will show This tool is ready to use. near the upper left corner of the tool's window.
  • Under Optional Scan, be sure a checkmark is placed next to Addition.txt.
  • Click Scan.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste both logs into your next reply.

 

In your next reply...

  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message. If these logs are too long, send each one in a separate post.
  • How is your laptop running now? Give me a comprehensive description of all remaining symptoms.

Thank you,


Ray




#14 AngelGabriel


Posted 31 May 2018 - 04:30 AM

Hi,

 

Please, find below the fix log. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by whatever (31-05-2018 11:44:45) Run:1
Running from C:\Users\whatever\Desktop
Loaded Profiles: whatever (Available Profiles: whatever)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-01-15] (SlimWare Utilities, Inc.)
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
C:\Users\whatever\Desktop\.~lock.POSTNIK.doc#

*****************

Processes closed successfully.
C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKLM\System\CurrentControlSet\Services\SWDUMon" => removed successfully
SWDUMon => service removed successfully
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys => moved successfully
C:\Users\whatever\Desktop\.~lock.POSTNIK.doc# => moved successfully


The system needed a reboot.

==== End of Fixlog 11:44:46 ====
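
Added example, not part of the original thread and not code from the FRST project: a Python check that every entry in the "fixlist content" block of a Fixlog.txt has a matching success line in the results section, which is what a helper confirms by eye in the log above. The layout rules and the `=> not found` outcome are assumptions modeled on the Fixlog in this thread, and the sample log is constructed.

```python
import re

# Constructed sample modeled on the Fixlog layout shown in this thread.
# The last result line is deliberately altered to a non-success outcome.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-01-15] (SlimWare Utilities, Inc.)
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
C:\Users\whatever\Desktop\.~lock.POSTNIK.doc#

*****************

Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\SWDUMon" => removed successfully
SWDUMon => service removed successfully
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys => moved successfully
C:\Users\whatever\Desktop\.~lock.POSTNIK.doc# => not found

==== End of Fixlog 11:44:46 ====
"""

SEPARATOR = re.compile(r"^\*{5,}$")                   # '*****************' lines
SERVICE = re.compile(r"^[A-Z]\d\s+(?P<name>[^;]+);")  # e.g. 'S3 SWDUMon; C:\...'
PATH = re.compile(r"^[A-Za-z]:\\")                    # file or folder entry

# Directive -> confirmation line it should produce (only the one seen here).
DIRECTIVES = {"CloseProcesses:": "Processes closed successfully."}


def split_fixlog(text):
    """Return (fixlist_entries, result_lines) from the body of a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    seps = [i for i, ln in enumerate(lines) if SEPARATOR.match(ln)]
    if len(seps) < 2:
        raise ValueError("fixlist block not found (need two '*****' lines)")
    entries = [ln for ln in lines[seps[0] + 1:seps[1]] if ln]
    results = [ln for ln in lines[seps[1] + 1:]
               if ln and not ln.startswith("====")]
    return entries, results


def parse_results(result_lines):
    """Split result lines into {subject: outcome} pairs and free-text notes."""
    outcomes, notes = {}, []
    for ln in result_lines:
        subject, arrow, outcome = ln.rpartition(" => ")
        if arrow:
            outcomes[subject.strip('"').lower()] = outcome
        else:
            notes.append(ln)
    return outcomes, notes


def unconfirmed_entries(text):
    """List (entry, reason) for fixlist entries without a success line."""
    entries, results = split_fixlog(text)
    outcomes, notes = parse_results(results)
    problems = []
    for entry in entries:
        service = SERVICE.match(entry)
        if entry in DIRECTIVES:
            expected = DIRECTIVES[entry]
            outcome = expected if expected in notes else None
        elif service:
            outcome = outcomes.get(service.group("name").strip().lower())
        elif PATH.match(entry):
            outcome = outcomes.get(entry.lower())
        else:
            problems.append((entry, "unrecognized entry type"))
            continue
        if outcome is None:
            problems.append((entry, "no result line"))
        elif "successfully" not in outcome:
            problems.append((entry, outcome))
    return problems


if __name__ == "__main__":
    for entry, reason in unconfirmed_entries(SAMPLE_FIXLOG):
        print(f"NOT CONFIRMED: {entry} ({reason})")
```

An empty list means every requested action is confirmed; anything returned is an entry to follow up on in the next scan.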



#15 AngelGabriel


Posted 31 May 2018 - 04:38 AM

Here are the logs from the re-scan.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by whatever (administrator) on MINE (31-05-2018 12:33:53)
Running from C:\Users\whatever\Desktop
Loaded Profiles: whatever (Available Profiles: whatever)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-04-24] (Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124032 2018-04-24] (WinZip Computing)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-05-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-04-17] (AVG Technologies CZ, s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{D6F52AD2-FEB7-49A1-90A1-A8265A490821}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2679917886-904101404-1751164016-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-12-05] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-12-05] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-12-05] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-12-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-2679917886-904101404-1751164016-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-12-05] (Google Inc.)
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default [2018-05-31]
CHR Extension: (Slides) - C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Docs) - C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-02]
CHR Extension: (YouTube) - C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-02]
CHR Extension: (Sheets) - C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-02]
CHR Extension: (AVG SafePrice) - C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-05-28]
CHR Extension: (Gmail) - C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\whatever\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [318328 2018-05-26] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [430032 2018-05-26] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7670672 2018-05-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-04-17] (AVG Technologies CZ, s.r.o.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [181512 2016-07-12] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-02-14] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5614592 2018-01-22] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743648 2017-02-14] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [189032 2018-05-26] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [220600 2018-05-26] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192536 2018-05-26] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336848 2018-05-26] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [50776 2018-05-26] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39352 2018-05-26] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [151504 2018-05-26] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\WINDOWS\System32\drivers\avgNetSec.sys [632640 2018-05-26] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [103744 2018-05-26] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [78352 2018-05-26] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1020112 2018-05-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [452904 2018-05-26] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [198368 2018-05-26] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [373944 2018-05-26] (AVG Technologies CZ, s.r.o.)
S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [130648 2016-08-22] (GenesysLogic)
R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-03] (Intel Corporation)
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [357648 2016-07-12] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3526400 2017-03-09] (Intel Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2018-01-22] (AVG Netherlands B.V.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-31 12:33 - 2018-05-31 12:34 - 000011469 _____ C:\Users\whatever\Desktop\FRST.txt
2018-05-31 12:31 - 2018-05-31 12:31 - 002413056 _____ (Farbar) C:\Users\whatever\Desktop\FRST64.exe
2018-05-31 11:44 - 2018-05-31 11:44 - 000001372 _____ C:\Users\whatever\Desktop\Fixlog.txt
2018-05-31 00:51 - 2018-05-31 00:51 - 000002760 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2018-05-29 01:31 - 2018-05-29 01:31 - 000002612 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2018-05-29 01:31 - 2018-05-29 01:31 - 000002600 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2018-05-29 01:31 - 2018-01-22 14:52 - 000045568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2018-05-29 01:28 - 2018-05-31 03:12 - 000003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-05-29 01:28 - 2018-05-29 01:31 - 000000000 ____D C:\Program Files (x86)\AVG
2018-05-29 01:15 - 2018-05-29 01:31 - 000000000 ____D C:\Users\whatever\AppData\Local\AvgSetupLog
2018-05-28 15:32 - 2018-05-28 15:32 - 000073829 _____ C:\Users\whatever\Downloads\ua.pdf
2018-05-27 18:47 - 2017-10-04 06:45 - 000030888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2018-05-27 18:47 - 2017-10-04 06:45 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2018-05-27 18:46 - 2017-10-04 11:21 - 000029352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2018-05-27 18:46 - 2017-10-04 11:21 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2018-05-27 18:43 - 2018-04-07 19:48 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-27 18:43 - 2018-04-07 19:47 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-05-27 18:43 - 2018-04-07 19:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-05-27 18:43 - 2018-04-07 19:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-05-27 18:43 - 2018-04-07 18:34 - 002255360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-27 18:43 - 2018-04-07 18:15 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-27 18:43 - 2018-04-05 20:47 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2018-05-27 18:43 - 2018-04-05 20:38 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2018-05-27 18:43 - 2018-03-29 04:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-05-27 18:43 - 2018-03-29 04:21 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2018-05-27 18:43 - 2018-03-29 04:06 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-05-27 18:43 - 2018-03-29 04:05 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-05-27 18:43 - 2018-03-29 03:26 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-05-27 18:43 - 2018-03-29 03:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-05-26 17:19 - 2018-05-26 17:19 - 000614068 _____ C:\Users\whatever\Downloads\huawei_e5180_e5180s_22_lte_cube_official_specifications_datasheet (2).pdf
2018-05-26 17:15 - 2018-05-26 17:15 - 000614068 _____ C:\Users\whatever\Downloads\huawei_e5180_e5180s_22_lte_cube_official_specifications_datasheet (1).pdf
2018-05-26 17:06 - 2018-05-26 17:06 - 020693793 _____ C:\Users\whatever\Desktop\AVG SCAN REPORT.txt
2018-05-26 13:51 - 2018-05-26 13:51 - 000869710 _____ C:\Users\whatever\Downloads\huawei_e5180s_610_4g_wifi_cube_user_guide.pdf
2018-05-26 13:51 - 2018-05-26 13:51 - 000514880 _____ C:\Users\whatever\Downloads\huawei_e5180_cube_user_manual.pdf
2018-05-26 13:44 - 2018-05-26 13:44 - 000614068 _____ C:\Users\whatever\Downloads\huawei_e5180_e5180s_22_lte_cube_official_specifications_datasheet.pdf
2018-05-26 13:39 - 2018-05-26 13:39 - 000869710 _____ C:\Users\whatever\Downloads\E5180s-610 QSG-Huawei_final.pdf
2018-05-26 13:06 - 2018-05-29 01:31 - 000000000 ____D C:\Users\whatever\AppData\Local\Avg
2018-05-26 13:06 - 2018-05-26 13:06 - 000001849 _____ C:\Users\Public\Desktop\AVG Internet Security.lnk
2018-05-26 13:06 - 2018-05-26 13:06 - 000000000 ____D C:\Users\whatever\AppData\Roaming\AVG
2018-05-26 13:06 - 2018-05-26 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-05-26 13:05 - 2018-05-27 07:30 - 000004162 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-05-26 13:04 - 2018-05-26 13:04 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000632640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetSec.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-05-26 13:04 - 2018-05-26 13:04 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000151504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-05-26 13:04 - 2018-05-26 13:04 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-05-26 13:03 - 2018-05-29 01:31 - 000000000 ____D C:\ProgramData\AVG
2018-05-26 13:03 - 2018-05-26 13:03 - 000000000 ____D C:\Program Files\AVG
2018-05-26 13:02 - 2018-05-26 13:02 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\whatever\Downloads\avg_internet_security_setup.exe
2018-05-25 15:24 - 2018-05-25 15:24 - 000000000 ____D C:\Users\whatever\AppData\Local\DESlock+
2018-05-25 15:23 - 2018-05-26 12:56 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2018-05-23 18:01 - 2018-04-22 12:02 - 000803696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-23 18:01 - 2018-04-22 11:06 - 000612600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-23 18:01 - 2018-04-22 11:04 - 025744896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-23 18:01 - 2018-04-22 10:40 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-23 18:01 - 2018-04-22 10:38 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-23 18:01 - 2018-04-22 10:32 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-23 18:01 - 2018-04-22 10:26 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-23 18:01 - 2018-04-22 10:26 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-23 18:01 - 2018-04-22 10:24 - 020286464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-23 18:01 - 2018-04-22 10:04 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-23 18:01 - 2018-04-22 10:00 - 002295296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-23 18:01 - 2018-04-22 09:57 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-05-23 18:01 - 2018-04-22 09:54 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-23 18:01 - 2018-04-22 09:53 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-23 18:01 - 2018-04-22 09:51 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-05-23 18:01 - 2018-04-22 09:49 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-23 18:01 - 2018-04-22 09:48 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-23 18:01 - 2018-04-22 09:46 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-05-23 18:01 - 2018-04-22 09:33 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-23 18:01 - 2018-04-22 09:32 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-05-23 18:01 - 2018-04-22 09:31 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-23 18:01 - 2018-04-22 09:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-05-23 18:01 - 2018-04-22 09:27 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-23 18:01 - 2018-04-22 09:27 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-23 18:01 - 2018-04-22 09:26 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-23 18:01 - 2018-04-22 09:26 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-05-23 18:01 - 2018-04-22 09:22 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-23 18:01 - 2018-04-22 09:11 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-23 18:01 - 2018-04-22 09:08 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-23 18:01 - 2018-04-22 09:04 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-23 18:01 - 2018-04-22 09:03 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-23 18:01 - 2018-04-15 19:55 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-23 18:01 - 2018-04-15 19:16 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-23 18:01 - 2018-04-11 04:03 - 007406936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-23 18:01 - 2018-04-11 04:02 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-23 18:01 - 2018-04-11 04:02 - 001536112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-23 18:01 - 2018-04-10 21:51 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-05-23 18:01 - 2018-04-10 21:27 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-23 18:01 - 2018-04-10 21:13 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-23 18:01 - 2018-04-10 20:01 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-23 18:01 - 2018-04-10 19:50 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-23 18:01 - 2018-04-07 19:17 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-05-23 18:01 - 2018-04-07 18:49 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-05-23 18:01 - 2018-04-07 18:41 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-23 18:01 - 2018-04-07 18:23 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-23 18:01 - 2018-04-07 18:20 - 001707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-23 18:01 - 2018-04-07 18:10 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-23 18:01 - 2018-04-07 18:06 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-23 18:01 - 2018-04-07 18:01 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-23 18:01 - 2018-04-07 00:27 - 000376656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-23 18:01 - 2018-03-24 18:57 - 001101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2018-05-23 18:01 - 2018-03-24 18:40 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-23 18:01 - 2018-03-24 18:34 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2018-05-23 18:01 - 2018-03-24 18:22 - 001086976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-23 18:01 - 2018-03-24 17:56 - 007033344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-23 18:01 - 2018-03-24 17:54 - 006214144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-23 18:01 - 2018-03-22 23:29 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-05-23 18:01 - 2018-03-22 23:29 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-23 18:01 - 2018-03-16 01:29 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-05-23 18:01 - 2018-03-10 23:55 - 000137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2018-05-23 18:01 - 2018-03-10 22:04 - 000120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2018-05-23 18:01 - 2018-03-10 20:50 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-05-23 18:01 - 2018-03-10 20:47 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-05-23 18:01 - 2018-03-10 20:47 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-23 18:01 - 2018-03-10 20:43 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2018-05-23 18:01 - 2018-03-10 19:46 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-23 18:01 - 2018-03-10 19:44 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-23 18:01 - 2018-03-10 19:35 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-23 18:01 - 2018-03-10 19:35 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-23 18:01 - 2018-03-10 19:33 - 003717632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-23 18:01 - 2018-03-10 19:22 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2018-05-23 18:01 - 2018-03-10 19:21 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2018-05-23 18:01 - 2018-03-10 19:21 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2018-05-23 18:01 - 2018-03-10 19:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2018-05-23 18:01 - 2018-03-10 19:18 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-23 18:01 - 2018-03-10 19:18 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2018-05-23 18:01 - 2018-03-10 19:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-05-23 18:01 - 2018-03-10 19:18 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-05-23 18:01 - 2018-03-10 19:17 - 002240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2018-05-23 18:01 - 2018-03-10 19:17 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-23 18:01 - 2018-03-10 03:16 - 001549136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-23 18:01 - 2018-03-10 03:16 - 000388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-23 18:01 - 2018-03-10 00:20 - 001737592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-05-23 18:01 - 2018-03-10 00:20 - 001500424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-23 18:01 - 2018-03-10 00:20 - 001371344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-23 18:01 - 2018-03-10 00:20 - 000418640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-05-23 18:01 - 2018-03-09 22:59 - 000121168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-05-23 18:01 - 2018-03-09 21:57 - 000276816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-23 18:01 - 2018-03-09 17:52 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-05-23 18:01 - 2018-03-09 17:52 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-05-23 18:01 - 2018-03-09 17:52 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-05-23 18:01 - 2018-03-09 17:52 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-05-23 18:01 - 2018-03-08 22:53 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2018-05-23 18:01 - 2018-03-08 21:15 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-05-23 18:01 - 2018-03-08 21:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-05-23 18:01 - 2018-03-08 17:21 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-05-23 18:01 - 2018-03-08 02:46 - 000202576 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-05-23 18:01 - 2018-03-08 02:42 - 000174928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-05-23 18:01 - 2018-03-07 22:28 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-05-23 18:01 - 2018-03-07 21:26 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-05-23 18:01 - 2018-03-03 20:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-05-23 18:01 - 2018-03-03 20:04 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-05-23 18:01 - 2018-03-03 19:24 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-05-23 18:01 - 2018-03-03 19:18 - 000894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-05-23 18:01 - 2018-03-03 19:18 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2018-05-23 18:01 - 2018-03-03 19:15 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2018-05-23 18:01 - 2018-03-03 19:04 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-05-23 18:01 - 2018-03-03 19:04 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2018-05-23 18:01 - 2018-02-22 00:09 - 000022816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbldfltr.sys
2018-05-23 18:01 - 2018-02-16 18:51 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-23 18:01 - 2018-02-16 18:51 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-23 18:01 - 2018-02-16 18:28 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-05-23 18:01 - 2018-02-16 18:24 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-05-23 18:01 - 2018-02-16 18:24 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-05-23 18:01 - 2018-02-16 17:37 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-05-23 18:01 - 2018-02-16 17:37 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-05-23 18:01 - 2018-02-15 00:45 - 001308336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-23 18:01 - 2018-02-14 17:47 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-23 18:01 - 2018-02-10 23:24 - 000178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-23 18:01 - 2018-02-10 22:29 - 000274272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-05-23 18:01 - 2018-02-10 22:29 - 000124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NV_AGP.SYS
2018-05-23 18:01 - 2018-02-10 22:29 - 000065888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ULIAGPKX.SYS
2018-05-23 18:01 - 2018-02-10 22:29 - 000062304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AGP440.sys
2018-05-23 18:01 - 2018-02-10 22:29 - 000021856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-05-23 18:01 - 2018-02-10 22:29 - 000017240 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
2018-05-23 18:01 - 2018-02-10 22:25 - 000533856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-05-23 18:01 - 2018-02-10 22:06 - 000356184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-05-23 18:01 - 2018-02-10 20:50 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-05-23 18:01 - 2018-02-10 20:26 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-05-23 18:01 - 2018-02-10 20:09 - 003757056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-05-23 18:01 - 2018-02-10 20:03 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-05-23 18:01 - 2018-02-10 20:01 - 000617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-05-23 18:01 - 2018-02-10 19:59 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-05-23 18:01 - 2018-02-10 19:48 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-23 18:01 - 2018-02-10 19:46 - 002412544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-05-23 18:01 - 2018-02-10 19:44 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-23 18:01 - 2018-02-10 19:30 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-23 18:01 - 2018-02-10 04:29 - 000531632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-23 18:01 - 2018-02-10 04:25 - 001137872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-05-23 18:01 - 2018-02-09 20:21 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-05-23 18:01 - 2018-02-08 21:53 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-05-23 18:01 - 2018-02-08 21:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-05-23 18:01 - 2018-02-08 21:21 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2018-05-23 18:01 - 2018-02-08 21:18 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2018-05-23 18:01 - 2018-02-08 21:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-05-23 18:01 - 2018-02-08 21:03 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-05-23 18:01 - 2018-02-08 20:49 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-05-23 18:01 - 2018-02-08 20:42 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-05-23 18:01 - 2018-02-08 20:42 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-05-23 18:01 - 2018-02-08 20:40 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-05-23 18:01 - 2018-02-08 20:38 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-05-23 18:01 - 2018-02-08 20:37 - 002779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-05-23 18:01 - 2018-02-08 20:27 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-05-23 18:01 - 2018-02-08 20:24 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-05-23 18:01 - 2018-02-08 20:03 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-05-23 18:01 - 2018-02-08 20:03 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-05-23 18:01 - 2018-02-08 19:57 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2018-05-23 18:01 - 2018-02-02 23:42 - 003320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-23 18:01 - 2018-02-02 22:24 - 003610112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-05-23 18:01 - 2018-02-01 21:51 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-05-23 18:01 - 2018-01-26 22:04 - 001115648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2018-05-23 18:01 - 2018-01-25 17:19 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-05-23 18:01 - 2018-01-25 17:14 - 000922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-05-23 18:01 - 2018-01-13 04:18 - 002452824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-05-23 18:01 - 2018-01-12 21:31 - 004690944 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-23 18:01 - 2018-01-12 21:18 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2018-05-23 18:01 - 2018-01-12 20:35 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-23 18:01 - 2018-01-12 20:26 - 000393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2018-05-23 18:01 - 2018-01-11 21:39 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2018-05-23 18:01 - 2018-01-11 21:39 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcshext.dll
2018-05-23 18:01 - 2018-01-11 21:34 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2018-05-23 18:01 - 2018-01-11 21:28 - 001562624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2018-05-23 18:01 - 2018-01-11 21:19 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2018-05-23 18:01 - 2018-01-11 21:19 - 000032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-05-23 18:01 - 2018-01-11 21:10 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2018-05-23 18:01 - 2018-01-11 21:10 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcshext.dll
2018-05-23 18:01 - 2018-01-11 21:04 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-05-23 18:01 - 2018-01-11 20:56 - 000504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-05-23 18:01 - 2018-01-11 20:55 - 002003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-05-23 18:01 - 2018-01-11 20:42 - 002923520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-05-23 18:01 - 2018-01-11 20:13 - 001695744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-05-23 18:01 - 2018-01-11 20:07 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-05-23 18:01 - 2018-01-10 17:48 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-05-23 18:01 - 2018-01-09 09:06 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2018-05-23 18:01 - 2018-01-09 08:32 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2018-05-23 18:01 - 2018-01-09 08:19 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-05-23 18:01 - 2018-01-09 07:59 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-05-23 18:01 - 2017-12-05 19:56 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2018-05-23 18:01 - 2017-12-05 19:45 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-05-23 18:01 - 2017-12-05 19:42 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-05-23 18:01 - 2017-12-05 19:10 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2018-05-23 18:01 - 2017-12-05 19:02 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2018-05-23 18:01 - 2017-12-05 18:58 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2018-05-23 18:01 - 2017-12-05 18:24 - 000165376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-05-16 23:08 - 2018-05-16 23:49 - 000409994 _____ C:\WINDOWS\ntbtlog.txt
2018-05-12 14:19 - 2018-05-31 12:33 - 000000000 ____D C:\FRST
2018-05-12 13:45 - 2018-05-25 15:19 - 000000000 ____D C:\Program Files\Common Files\AV
2018-05-11 23:21 - 2018-05-11 23:21 - 000343544 _____ C:\WINDOWS\Minidump\051118-25875-01.dmp
2018-05-11 13:05 - 2018-05-11 13:06 - 000317464 _____ C:\WINDOWS\Minidump\051118-17468-01.dmp
2018-05-02 19:54 - 2018-03-16 21:51 - 000144000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-05-02 19:54 - 2018-03-14 16:23 - 001993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-05-02 19:54 - 2018-03-14 16:23 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-05-02 19:54 - 2018-03-14 16:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-05-02 19:54 - 2018-03-14 16:23 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-05-02 19:54 - 2018-03-14 16:23 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-05-02 19:54 - 2018-03-14 16:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-05-02 19:54 - 2018-03-14 16:23 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-05-02 19:54 - 2018-03-14 16:23 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-02 19:54 - 2018-03-14 16:23 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-31 12:29 - 2014-11-21 11:43 - 000820208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-31 12:29 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\Inf
2018-05-31 12:24 - 2017-11-02 05:52 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-31 12:24 - 2017-11-01 13:32 - 000000000 __SHD C:\Users\whatever\IntelGraphicsProfiles
2018-05-31 12:24 - 2013-08-22 17:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-31 11:36 - 2017-11-14 20:29 - 000000000 ____D C:\Users\whatever\Desktop\New folder
2018-05-31 08:19 - 2017-11-02 05:01 - 000003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EC5EDD9F-2911-4B13-92F0-3E43C9472AE3}
2018-05-30 11:28 - 2017-11-02 04:43 - 000000000 ____D C:\Users\whatever\AppData\Local\ElevatedDiagnostics
2018-05-29 21:42 - 2013-08-22 16:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-05-29 01:59 - 2017-11-02 04:44 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2679917886-904101404-1751164016-1001
2018-05-28 23:29 - 2013-08-22 18:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-28 19:04 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\rescache
2018-05-25 15:19 - 2017-11-02 05:35 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-05-25 15:12 - 2017-11-02 05:31 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-05-25 14:57 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-23 19:50 - 2013-08-22 17:44 - 000363304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-23 19:46 - 2013-08-22 18:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-05-23 19:46 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-23 18:03 - 2017-11-01 08:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-23 18:02 - 2017-11-02 17:27 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-23 18:02 - 2017-11-02 17:26 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-18 11:32 - 2017-11-02 22:10 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-18 11:32 - 2017-11-02 22:10 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-17 16:22 - 2017-11-02 22:09 - 000003332 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 16:22 - 2017-11-02 22:09 - 000003204 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-17 06:11 - 2018-04-30 05:21 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-17 06:11 - 2018-04-30 05:20 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-16 23:51 - 2017-12-05 23:12 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-15 22:47 - 2017-11-02 13:08 - 000000000 ____D C:\Users\whatever\AppData\Local\CrashDumps
2018-05-15 20:51 - 2017-11-02 23:53 - 000004472 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-15 20:51 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-15 20:51 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-15 17:32 - 2018-04-30 05:16 - 000003536 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier 2
2018-05-15 17:32 - 2018-04-30 05:16 - 000003534 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier 3
2018-05-15 17:32 - 2018-04-30 05:16 - 000003534 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier 1
2018-05-15 17:32 - 2017-12-06 23:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-05-15 17:32 - 2017-11-03 23:52 - 000003128 _____ C:\WINDOWS\System32\Tasks\{1BC59145-7ACA-4E12-B452-FA8F804B775F}
2018-05-15 17:32 - 2017-11-03 17:33 - 000003014 _____ C:\WINDOWS\System32\Tasks\UMonitor Task
2018-05-15 17:32 - 2017-11-02 16:23 - 000003180 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2018-05-15 17:32 - 2017-11-02 16:23 - 000003168 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-05-15 17:32 - 2017-11-02 16:23 - 000003152 _____ C:\WINDOWS\System32\Tasks\RtHDVBg
2018-05-12 15:28 - 2018-01-07 18:16 - 000000000 ____D C:\Users\whatever\AppData\Roaming\Google
2018-05-12 00:23 - 2017-11-02 05:31 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-11 23:21 - 2018-02-22 13:07 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-11 23:20 - 2018-02-22 13:06 - 770051555 _____ C:\WINDOWS\MEMORY.DMP
2018-05-10 13:25 - 2017-11-02 20:44 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-01 01:39 - 2018-01-24 17:40 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 01:39 - 2018-01-24 17:40 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-22 14:29
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by whatever (31-05-2018 12:34:46)
Running from C:\Users\whatever\Desktop
Windows 8.1 Pro (Update) (X64) (2017-11-02 01:21:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2679917886-904101404-1751164016-500 - Administrator - Disabled)
Guest (S-1-5-21-2679917886-904101404-1751164016-501 - Limited - Disabled)
whatever (S-1-5-21-2679917886-904101404-1751164016-1001 - Administrator - Enabled) => C:\Users\whatever
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Antivirus (Enabled) {FD3E91FB-7C15-3254-D603-FC5F31625538}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AVG (HKLM\...\{136B57DF-DA9E-4361-A165-09AB4422BCD1}) (Version: 1.231.3 - AVG Technologies) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 18.4.3056 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{9C775BB6-1453-45EB-8C78-A5CC5199113D}) (Version: 16.77.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.77.3.23060 - AVG Technologies)
FMW 1 (HKLM\...\{DFA0CE4A-C162-40C1-A977-12E60098EB72}) (Version: 1.227.11 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{66614300-cd9b-4a62-8b18-c97e9562dc3e}) (Version: 19.50.0 - Intel Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Monitor Calibration Wizard 1.0 (HKLM-x32\...\Monitor Calibration Wizard) (Version:  - )
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
QuickGamma 4.0.0.2 (HKLM-x32\...\QuickGamma_is1) (Version: 4.0.0.2 - Eberhard Werle)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinZip 22.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411B}) (Version: 22.5.13114 - Corel Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2679917886-904101404-1751164016-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-05-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2018-04-24] (WinZip Computing)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2018-04-24] (WinZip Computing)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-05-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2018-04-24] (WinZip Computing)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {101F4138-461E-414D-B02D-69E3E85DF449} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-05-02] (AVAST Software)
Task: {16C20C19-B5AE-40BD-BE3B-3B5A34527A80} - System32\Tasks\{1BC59145-7ACA-4E12-B452-FA8F804B775F} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\whatever\Downloads\mcw10.exe -d C:\Users\whatever\Downloads
Task: {1F31CD55-3A09-4F59-BFD5-EB93881AB267} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-04-24] (Corel Corporation)
Task: {33F02337-D40B-4C39-BE07-E6A41EE2C4D5} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {381EA9E4-3772-4997-B410-B17C9C57D29A} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-04-24] (Corel Corporation)
Task: {38518A48-1227-46CC-BA4D-290EA87A5F45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-02] (Google Inc.)
Task: {4C803157-C34C-4D13-A30B-E35B088C59D5} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {510D11BE-23E1-4D63-952D-934B9A9465DE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {545D77CB-2791-4234-ACA0-BAE0EE1D4EC3} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-04-24] (Corel Corporation)
Task: {92BB076C-1A4A-4DC8-B8C3-9EFFBC77A3A6} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {96FBC7F5-EA38-4A96-A93D-6B4CC5343DBC} - System32\Tasks\UMonitor Task => C:\WINDOWS\SysWOW64\UMonit64.exe
Task: {97B820C0-0A31-408E-82CE-CA1CFDF5A020} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-05-26] (AVG Technologies CZ, s.r.o.)
Task: {A3DD29DB-BD43-49BF-8DB6-42258702FD4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-02] (Google Inc.)
Task: {D39CDBD9-3FCA-440A-BA87-35DAF335F3FE} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2018-01-22] (AVG Technologies CZ, s.r.o.)
Task: {E0A6AD87-F00F-4659-B1AB-0BE5F9D62701} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-15] (Adobe Systems Incorporated)
Task: {EA80CF54-2836-450B-B8B6-0E5B4EF6ADD1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-11-02 15:59 - 2016-12-29 16:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-09 05:50 - 2015-08-09 05:50 - 000404376 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-05-26 13:04 - 2018-05-26 13:04 - 000481008 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-05-29 01:28 - 2018-05-29 01:15 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2018-05-26 13:06 - 2018-05-26 13:06 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 16:25 - 2013-08-22 16:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2679917886-904101404-1751164016-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\whatever\Desktop\Untitled.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0ED255E5-6B6B-4229-8D28-506EF98A89A9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5FE6059D-C315-47E0-B8FD-D9E75223629B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-05-2018 15:25:44 Scheduled Checkpoint
22-05-2018 13:41:15 Scheduled Checkpoint
27-05-2018 18:44:02 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: USB2.0 UVC HD Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Intel® Wireless Bluetooth®
Description: Intel® Wireless Bluetooth®
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/31/2018 12:35:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
 
Error: (05/30/2018 01:50:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.18969, time stamp: 0x5aa29ff0
Exception code: 0xc0000374
Fault offset: 0x00000000000f1cd0
Faulting process id: 0x588
Faulting application start time: 0x01d3f78291a01633
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3ab74f60-63f7-11e8-829c-cff3c580d8e1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/30/2018 09:12:59 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
 
Error: (05/29/2018 04:04:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.18895, time stamp: 0x5a4b0bc8
Exception code: 0xc0000305
Fault offset: 0x00000000000bf962
Faulting process id: 0x8c8
Faulting application start time: 0x01d3f6b5b23b1c6f
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 4e21f3bb-62dc-11e8-829b-a3b1c1644678
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/26/2018 10:37:41 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/26/2018 12:57:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.50.0.0, time stamp: 0x58a2ab63
Faulting module name: ntdll.dll, version: 6.3.9600.18969, time stamp: 0x5aa29ff0
Exception code: 0xc0000374
Fault offset: 0x00000000000f1cd0
Faulting process id: 0x76c
Faulting application start time: 0x01d3f4d7f29402af
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3a2441ea-60cb-11e8-8298-f5b4f332378f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/25/2018 03:14:55 PM) (Source: MsiInstaller) (EventID: 10005) (User: mine)
Description: Application: Kaspersky Secure Connection -- Error 29005. The selected folder or drive already contains files. The application cannot be installed to a folder that contains other data because this data can become unavailable after Self-Defense is enabled.<<29005>>InstallDir=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\
 
Error: (05/25/2018 03:12:47 PM) (Source: MsiInstaller) (EventID: 10005) (User: mine)
Description: Application: Kaspersky Total Security -- Error 29005. The selected folder or drive already contains files. The application cannot be installed to a folder that contains other data because this data can become unavailable after Self-Defense is enabled.<<29005>>InstallDir=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\
 
 
System errors:
=============
Error: (05/31/2018 11:45:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
Error: (05/31/2018 11:45:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
Error: (05/31/2018 11:45:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
Error: (05/31/2018 11:44:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/31/2018 11:44:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/31/2018 11:44:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG PC TuneUp Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 250 milliseconds: Restart the service.
 
Error: (05/31/2018 11:44:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/31/2018 11:44:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
Windows Defender:
===================================
Date: 2018-05-24 20:21:54.722
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {04F61BD3-79C2-440A-8CBC-527DD00696FD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-22 13:42:15.898
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {79AB9CA1-A522-4ACB-B998-69ACF3DE7C7C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-20 19:47:19.962
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {067B8183-D7B1-4AF9-92BB-9C708BCE2F2D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-17 06:10:18.217
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {56E7F51B-7089-4373-88B8-1F113A5A4A62}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2017-11-02 15:37:58.746
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {90E1EFFF-1949-4854-A0A7-DBBF07AB26EA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-16 23:49:30.614
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-05-16 23:08:44.622
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-11-02 16:14:29.511
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2017-11-02 15:57:24.502
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
Date: 2017-11-02 13:57:21.221
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
CodeIntegrity:
===================================
 
Date: 2018-05-24 16:28:28.205
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-22 14:30:47.351
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-17 02:20:48.803
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-02-22 08:36:08.744
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-02-22 08:36:08.576
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-02-22 08:36:08.464
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-02-22 08:36:08.352
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-02-22 08:36:08.240
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 28%
Total physical RAM: 8075.12 MB
Available physical RAM: 5756.57 MB
Total Virtual: 16154.12 MB
Available Virtual: 14219.03 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.56 GB) (Free:870.46 GB) NTFS
 
\\?\Volume{2c057cfa-e45b-496f-bfaa-d04e92d054fe}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
\\?\Volume{4fd09610-edc6-4c1d-90f5-dff3eb33a684}\ () (Fixed) (Total:0.44 GB) (Free:0.17 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F1BA74E3)
 
Partition: GPT.
 
==================== End of Addition.txt ============================




