"You are infected with Porn virus call Msft immediately!" Really?


  • This topic is locked
9 replies to this topic

#1 FluffyPup


Posted 04 July 2018 - 04:11 PM

My computer froze. A page that looked like the Microsoft store appeared and a voice said, "You have been infected with a pornography virus. Call Microsoft immediately or you will be blocked from use of our network."

 

1.  I am familiar with the phone calls claiming to be Microsoft support; I am assuming this is just the next generation of that scam.  Is that correct?

 

2.  The computer has been experiencing DNS overloads and DNS failures that I have not been able to resolve.  Is this related to this issue?  Is this their efforts to gain access to the computer?

 

3.  The computer is running Avast and it is up to date.  Avast AV and Wi-Fi Inspector found nothing.  Malwarebytes found nothing.  Is there something I am missing, or did my turn just come up?

 

4.  From your experience, do you usually see this with a computer or a network that has been compromised?  

  (The problem computer is Windows 10 Pro.  I also have another Windows 10 Pro computer, a Windows 10 Home computer and an old Android phone on the same network, connected through a Netgear router.)

 

5.  Now, what steps do you recommend I take?

 

Thanks

FP


Edited by britechguy, 04 July 2018 - 04:38 PM.
Clear evidence of an infectious vector has been presented. Moved to MRA as a result.




#2 FluffyPup

  • Topic Starter

Posted 04 July 2018 - 04:42 PM

Really wanted to hear I just hit a bad web page.  But, appreciate your reclassification britechguy.  Thanks



#3 hamluis

  • Moderator

Posted 04 July 2018 - 05:18 PM

https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

Louis



#4 FluffyPup

  • Topic Starter

Posted 04 July 2018 - 05:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by FluffyPup (administrator) on  (04-07-2018 15:36:13)
Running from G:\Mar2018CmptrClnTools
Loaded Profiles: FluffyPup (Available Profiles: FluffyPup & RepairUser)
Platform: Microsoft Windows 10 Pro Version 1709 16299.492 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) G:\Mar2018CmptrClnTools\FRST32bit.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2009-07-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [321656 2007-05-14] (Sony Corporation)
HKLM\...\Run: [VAIOCameraUtility] => C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [411768 2007-02-07] (Sony Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-26] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
Winlogon\Notify\VESWinlogon: C:\WINDOWS\system32\VESWinlogon.dll [2007-04-23] (Sony Corporation)
HKU\S-1-5-21-1393598561-2828144486-4033361396-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5117efb1-c8a1-4d64-9d07-705ca80f4eef}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a3ee7aaa-733c-4fe8-9c71-7b7ecb5f70ac}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1393598561-2828144486-4033361396-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-07-04] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-07-04] (Oracle Corporation)

Edge:
======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2018-06-26]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-06-26]

FireFox:
========
FF DefaultProfile: z5n4xr1z.default
FF ProfilePath: C:\Users\FluffyPup\AppData\Roaming\Mozilla\Firefox\Profiles\z5n4xr1z.default [2018-07-04]
FF Extension: (Avast SafePrice) - C:\Users\FluffyPup\AppData\Roaming\Mozilla\Firefox\Profiles\z5n4xr1z.default\Extensions\sp@avast.com.xpi [2018-07-04]
FF Extension: (Avast Online Security) - C:\Users\FluffyPup\AppData\Roaming\Mozilla\Firefox\Profiles\z5n4xr1z.default\Extensions\wrc@avast.com.xpi [2018-06-26]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-06-26] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-07-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-07-04] (Oracle Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6341888 2018-06-26] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-26] (AVAST Software)
S4 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [311296 2016-12-18] (Genie9) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
S3 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [197104 2017-07-03] (NETGEAR)
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2891976 2017-11-26] (Microsoft Corporation)
S4 STacSV; C:\WINDOWS\system32\stacsv.exe [94208 2007-08-06] (SigmaTel, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167552 2018-06-26] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [188352 2018-06-26] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [164944 2018-06-26] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [284328 2018-06-26] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [57976 2018-06-26] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [14840 2018-06-26] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [189240 2018-06-26] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-06-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [133680 2018-06-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [101056 2018-06-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [71848 2018-06-26] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [784120 2018-06-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [393904 2018-06-26] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [162704 2018-06-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-06-26] (AVAST Software)
R3 IFXTPM; C:\WINDOWS\System32\drivers\IFXTPM.SYS [41216 2007-08-07] (Infineon Technologies AG)
S3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28312 2014-03-18] (Logitech, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [126336 2016-03-10] (Malwarebytes)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [220896 2018-07-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 NETwLv32; C:\WINDOWS\System32\drivers\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2018-05-25] (CACE Technologies, Inc.)
S3 NvStUSB; C:\WINDOWS\System32\drivers\nvstusb.sys [444784 2016-12-09] (NVIDIA Corporation)
R3 SPI; C:\WINDOWS\System32\drivers\SonyPI.sys [14720 2007-08-03] (Sony Corporation)
R3 STHDA; C:\WINDOWS\system32\drivers\stwrt.sys [326656 2007-08-06] (SigmaTel, Inc.)
R3 ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [807424 2007-08-06] (Texas Instruments)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-06-26] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38912 2018-06-03] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [258600 2018-06-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [45608 2018-06-03] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2017-09-29] (Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-04 15:09 - 2018-07-04 15:09 - 000001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2018-07-04 15:09 - 2018-07-04 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-07-04 15:09 - 2018-07-04 15:09 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2018-07-04 15:09 - 2016-03-10 14:09 - 000053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-04 15:09 - 2016-03-10 14:08 - 000126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-07-04 15:09 - 2016-03-10 14:08 - 000024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-07-04 13:39 - 2018-07-04 13:39 - 000002517 _____ C:\Users\FluffyPup\Desktop\888.txt
2018-07-04 13:31 - 2018-07-04 13:31 - 000000000 ____D C:\Program Files\Common Files\Java
2018-07-04 13:31 - 2018-07-04 13:31 - 000000000 _____ C:\WINDOWS\system32\last.dump
2018-07-04 13:30 - 2018-07-04 13:30 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-07-04 13:27 - 2018-07-04 13:27 - 000001038 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-06-26 19:40 - 2018-06-08 04:42 - 002491120 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-26 19:40 - 2018-06-08 04:41 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-26 19:40 - 2018-06-08 04:41 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-26 19:40 - 2018-06-07 23:20 - 000213840 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-06-26 19:40 - 2018-06-07 23:19 - 001901984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-06-26 19:40 - 2018-06-07 23:18 - 001445760 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-26 19:40 - 2018-06-07 23:17 - 006415264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-26 19:40 - 2018-06-07 23:16 - 001934360 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-26 19:40 - 2018-06-07 23:16 - 001622960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-26 19:40 - 2018-06-07 23:16 - 000358304 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2018-06-26 19:40 - 2018-06-07 23:16 - 000358304 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-06-26 19:40 - 2018-06-07 23:14 - 000508320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-06-26 19:40 - 2018-06-07 23:10 - 003485400 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-06-26 19:40 - 2018-06-07 23:10 - 001124768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-06-26 19:40 - 2018-06-07 23:09 - 006092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-26 19:40 - 2018-06-07 23:09 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-26 19:40 - 2018-06-07 23:09 - 000791968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-06-26 19:40 - 2018-06-07 23:09 - 000205216 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-26 19:40 - 2018-06-07 23:08 - 020290256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-26 19:40 - 2018-06-07 23:08 - 003979696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-26 19:40 - 2018-06-07 23:08 - 001990672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-26 19:40 - 2018-06-07 23:08 - 000718496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-06-26 19:40 - 2018-06-07 23:08 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-26 19:40 - 2018-06-07 23:06 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-26 19:40 - 2018-06-07 23:06 - 006015208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-26 19:40 - 2018-06-07 23:06 - 004668688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-26 19:40 - 2018-06-07 23:06 - 001524784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-26 19:40 - 2018-06-07 23:06 - 000129208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-26 19:40 - 2018-06-07 23:04 - 000758176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-26 19:40 - 2018-06-07 22:47 - 000075776 _____ C:\WINDOWS\system32\runexehelper.exe
2018-06-26 19:40 - 2018-06-07 22:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-26 19:40 - 2018-06-07 22:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-26 19:40 - 2018-06-07 22:46 - 000817152 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-06-26 19:40 - 2018-06-07 22:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-26 19:40 - 2018-06-07 22:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-06-26 19:40 - 2018-06-07 22:45 - 018930688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-26 19:40 - 2018-06-07 22:45 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-06-26 19:40 - 2018-06-07 22:45 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-06-26 19:40 - 2018-06-07 22:44 - 019358720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-26 19:40 - 2018-06-07 22:44 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-26 19:40 - 2018-06-07 22:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-26 19:40 - 2018-06-07 22:43 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-26 19:40 - 2018-06-07 22:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-06-26 19:40 - 2018-06-07 22:41 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-26 19:40 - 2018-06-07 22:41 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-26 19:40 - 2018-06-07 22:41 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-26 19:40 - 2018-06-07 22:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-26 19:40 - 2018-06-07 22:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-06-26 19:40 - 2018-06-07 22:40 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-26 19:40 - 2018-06-07 22:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-26 19:40 - 2018-06-07 22:40 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-26 19:40 - 2018-06-07 22:39 - 001859584 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-06-26 19:40 - 2018-06-07 22:39 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-26 19:40 - 2018-06-07 22:39 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-26 19:40 - 2018-06-07 22:39 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-06-26 19:40 - 2018-06-07 22:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-06-26 19:40 - 2018-06-07 22:38 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-26 19:40 - 2018-06-07 22:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-26 19:40 - 2018-06-07 22:38 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-26 19:40 - 2018-06-07 22:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-06-26 19:40 - 2018-06-07 22:36 - 006060032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-26 19:40 - 2018-06-07 22:36 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-26 19:40 - 2018-06-07 22:36 - 002658816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-26 19:40 - 2018-06-07 22:36 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-06-26 19:40 - 2018-06-07 22:36 - 002024448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-06-26 19:40 - 2018-06-07 22:36 - 001955840 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-06-26 19:40 - 2018-06-07 22:36 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-26 19:40 - 2018-06-07 22:35 - 007812608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-06-26 19:40 - 2018-06-07 22:35 - 002868736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-26 19:40 - 2018-06-07 22:35 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-26 19:40 - 2018-06-07 22:35 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-26 19:40 - 2018-06-07 22:35 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-26 19:40 - 2018-06-07 22:34 - 001762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-26 19:40 - 2018-06-07 22:31 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-06-26 19:40 - 2018-06-07 22:31 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-06-26 19:40 - 2018-06-07 22:30 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-06-26 19:40 - 2018-05-11 15:00 - 000271768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-06-26 19:40 - 2018-05-11 15:00 - 000065432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-06-26 19:40 - 2018-05-11 14:56 - 002117528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-26 19:40 - 2018-05-11 14:56 - 000607640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-26 19:40 - 2018-05-11 14:56 - 000339352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-26 19:40 - 2018-05-11 14:55 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-06-26 19:40 - 2018-05-11 14:55 - 000080792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-26 19:40 - 2018-05-11 14:54 - 000353176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-06-26 19:40 - 2018-05-11 14:54 - 000278424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-06-26 19:40 - 2018-05-11 14:53 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-26 19:40 - 2018-05-11 14:53 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-06-26 19:40 - 2018-05-11 14:53 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-26 19:40 - 2018-05-11 14:29 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-06-26 19:40 - 2018-05-11 14:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-06-26 19:40 - 2018-05-11 14:27 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-06-26 19:40 - 2018-05-11 14:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-06-26 19:40 - 2018-05-11 14:24 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-26 19:40 - 2018-05-11 14:23 - 001624576 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-26 19:40 - 2018-05-11 14:20 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-26 19:40 - 2018-05-11 14:20 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-26 19:40 - 2018-05-11 14:19 - 001353216 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-26 19:39 - 2018-06-07 23:24 - 000915328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-26 19:39 - 2018-06-07 23:24 - 000799600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-26 19:39 - 2018-06-07 23:23 - 000118688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-06-26 19:39 - 2018-06-07 23:22 - 001328032 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-06-26 19:39 - 2018-06-07 23:21 - 000247224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-26 19:39 - 2018-06-07 23:21 - 000061344 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-06-26 19:39 - 2018-06-07 23:20 - 000603552 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-06-26 19:39 - 2018-06-07 23:20 - 000347040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-06-26 19:39 - 2018-06-07 23:19 - 000516000 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-06-26 19:39 - 2018-06-07 23:19 - 000350648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-06-26 19:39 - 2018-06-07 23:19 - 000030624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-06-26 19:39 - 2018-06-07 23:18 - 000543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-06-26 19:39 - 2018-06-07 23:18 - 000212920 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-06-26 19:39 - 2018-06-07 23:17 - 001117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-26 19:39 - 2018-06-07 23:16 - 000975224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-26 19:39 - 2018-06-07 23:15 - 001995168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-26 19:39 - 2018-06-07 23:15 - 000023456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-26 19:39 - 2018-06-07 23:12 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-26 19:39 - 2018-06-07 23:12 - 000613800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-26 19:39 - 2018-06-07 23:12 - 000451488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-06-26 19:39 - 2018-06-07 23:11 - 000445344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-26 19:39 - 2018-06-07 23:09 - 000832952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2018-06-26 19:39 - 2018-06-07 23:09 - 000592800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-26 19:39 - 2018-06-07 23:09 - 000108496 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-26 19:39 - 2018-06-07 23:08 - 001075984 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-26 19:39 - 2018-06-07 23:08 - 000640024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-06-26 19:39 - 2018-06-07 23:08 - 000538768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-26 19:39 - 2018-06-07 23:07 - 002386320 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-26 19:39 - 2018-06-07 23:07 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-26 19:39 - 2018-06-07 23:07 - 000047608 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-26 19:39 - 2018-06-07 23:06 - 001131696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-06-26 19:39 - 2018-06-07 23:06 - 000551696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-26 19:39 - 2018-06-07 23:04 - 000509368 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-06-26 19:39 - 2018-06-07 22:46 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-06-26 19:39 - 2018-06-07 22:46 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-06-26 19:39 - 2018-06-07 22:44 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2018-06-26 19:39 - 2018-06-07 22:43 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-26 19:39 - 2018-06-07 22:43 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-26 19:39 - 2018-06-07 22:42 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-06-26 19:39 - 2018-06-07 22:41 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-26 19:39 - 2018-06-07 22:41 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-26 19:39 - 2018-06-07 22:41 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-06-26 19:39 - 2018-06-07 22:40 - 001277440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2018-06-26 19:39 - 2018-06-07 22:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2018-06-26 19:39 - 2018-06-07 22:40 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-06-26 19:39 - 2018-06-07 22:39 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-26 19:39 - 2018-06-07 22:36 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-06-26 19:39 - 2018-06-07 22:36 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-06-26 19:39 - 2018-06-07 22:35 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-26 19:39 - 2018-06-07 22:35 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-06-26 19:39 - 2018-06-07 22:35 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-26 19:39 - 2018-06-07 22:35 - 000955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-26 19:39 - 2018-06-07 22:35 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-26 19:39 - 2018-06-07 22:35 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2018-06-26 19:39 - 2018-06-07 22:34 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-06-26 19:39 - 2018-06-07 22:31 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-26 19:39 - 2018-06-07 22:30 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-06-26 19:39 - 2018-05-12 00:04 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-26 19:39 - 2018-05-11 15:02 - 000156056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-06-26 19:39 - 2018-05-11 14:55 - 001868696 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-26 19:39 - 2018-05-11 14:53 - 001033576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 001270680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 001121176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000938392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000828824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000635800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-06-26 19:39 - 2018-05-11 14:51 - 000622488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000577944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000533400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000483224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000369560 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000286104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-06-26 19:39 - 2018-05-11 14:51 - 000155032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-06-26 19:39 - 2018-05-11 14:33 - 002762752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-26 19:39 - 2018-05-11 14:33 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-26 19:39 - 2018-05-11 14:32 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-06-26 19:39 - 2018-05-11 14:31 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PayloadRestrictions.dll
2018-06-26 19:39 - 2018-05-11 14:31 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-06-26 19:39 - 2018-05-11 14:31 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll
2018-06-26 19:39 - 2018-05-11 14:30 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-06-26 19:39 - 2018-05-11 14:30 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-26 19:39 - 2018-05-11 14:29 - 001428480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
2018-06-26 19:39 - 2018-05-11 14:29 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2018-06-26 19:39 - 2018-05-11 14:29 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-06-26 19:39 - 2018-05-11 14:29 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-06-26 19:39 - 2018-05-11 14:29 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
2018-06-26 19:39 - 2018-05-11 14:28 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-06-26 19:39 - 2018-05-11 14:28 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-06-26 19:39 - 2018-05-11 14:28 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-06-26 19:39 - 2018-05-11 14:27 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2018-06-26 19:39 - 2018-05-11 14:27 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-06-26 19:39 - 2018-05-11 14:26 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2018-06-26 19:39 - 2018-05-11 14:22 - 000348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-26 19:39 - 2018-05-11 14:20 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-26 19:33 - 2018-06-26 19:33 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-06-26 19:33 - 2018-06-26 19:33 - 000002152 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-06-26 19:31 - 2018-06-26 19:31 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-06-26 19:31 - 2018-06-26 19:30 - 001142072 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2018-06-26 19:31 - 2018-06-26 19:30 - 000784120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000393904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000321752 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-06-26 19:31 - 2018-06-26 19:30 - 000310784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000284328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000189240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000188352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000167552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000164944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000162704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000133680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000101056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000071848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000057976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000042808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-06-26 19:31 - 2018-06-26 19:30 - 000014840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-06-26 19:27 - 2018-06-26 19:27 - 000178320 _____ (AVAST Software) C:\Users\FluffyPup\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2018-06-26 16:31 - 2018-07-04 15:14 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-26 11:19 - 2018-06-26 11:19 - 001208259 _____ C:\Users\FluffyPup\Documents\Bass2.oxps
2018-06-26 11:08 - 2018-06-26 11:08 - 001306884 _____ C:\Users\FluffyPup\Documents\Bass1.oxps
2018-06-26 10:23 - 2018-06-26 10:23 - 000000000 ____D C:\Users\FluffyPup\AppData\Roaming\AVAST Software
2018-06-26 10:23 - 2018-06-26 10:23 - 000000000 ____D C:\Users\FluffyPup\AppData\Local\CEF
2018-06-26 10:22 - 2018-07-04 15:18 - 000000000 ____D C:\Users\FluffyPup\AppData\Local\AVAST Software
2018-06-26 10:18 - 2018-06-26 10:18 - 000000000 ____D C:\Program Files\AVAST Software
2018-06-26 10:17 - 2018-06-27 09:01 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-22 12:52 - 2018-06-07 22:44 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-12 09:44 - 2018-06-12 09:45 - 000065656 _____ C:\Users\FluffyPup\Downloads\NETGEAR_R6700(1).cfg
2018-06-11 20:47 - 2018-06-11 20:47 - 000065656 _____ C:\Users\FluffyPup\Downloads\NETGEAR_R6700.cfg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-04 15:36 - 2016-08-13 18:16 - 000000000 ____D C:\FRST
2018-07-04 15:28 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-07-04 15:27 - 2018-04-20 14:08 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-04 15:27 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-04 15:18 - 2018-04-20 13:43 - 000907802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-04 15:14 - 2018-04-20 13:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-04 15:13 - 2018-04-20 13:55 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-04 15:09 - 2018-05-26 12:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-04 15:07 - 2017-06-20 13:10 - 000001982 _____ C:\Users\FluffyPup\Desktop\Rkill.txt
2018-07-04 15:00 - 2018-04-20 13:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-04 14:14 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-04 13:56 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\rescache
2018-07-04 13:31 - 2018-05-04 19:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-04 13:31 - 2016-11-27 19:26 - 000000000 ____D C:\Users\FluffyPup\AppData\LocalLow\Mozilla
2018-07-04 13:30 - 2018-05-23 07:39 - 000096712 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2018-07-04 13:30 - 2018-05-23 07:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-04 13:29 - 2018-05-23 07:38 - 000000000 ____D C:\Program Files\Java
2018-07-04 13:18 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-26 20:15 - 2017-11-19 13:26 - 000000000 ___RD C:\Users\FluffyPup\3D Objects
2018-06-26 20:15 - 2016-04-26 21:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-26 20:13 - 2018-04-20 14:06 - 000000000 ____D C:\WINDOWS\INF
2018-06-26 20:09 - 2018-04-20 14:08 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-06-26 20:09 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-26 20:09 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-26 20:09 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-26 20:09 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-26 20:01 - 2018-04-20 13:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-26 19:56 - 2018-04-20 16:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-26 19:54 - 2018-04-20 16:26 - 130354992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-26 19:54 - 2018-04-20 16:26 - 130354992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-26 19:31 - 2018-04-20 14:08 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-26 17:29 - 2018-05-23 17:52 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-06-26 17:06 - 2018-05-22 12:46 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-06-26 16:23 - 2018-04-20 13:36 - 000000000 ____D C:\Users\FluffyPup
2018-06-26 16:11 - 2018-04-20 13:24 - 000219264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-26 16:07 - 2018-04-20 18:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ___SD C:\WINDOWS\system32\AppV
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ___RD C:\Program Files\Windows Defender
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-26 16:07 - 2018-04-20 14:08 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2018-06-26 16:07 - 2018-04-20 13:55 - 000000000 ____D C:\WINDOWS\servicing
2018-06-26 16:07 - 2018-04-20 13:36 - 000000000 ____D C:\Users\RepairUser
2018-06-26 16:07 - 2018-04-20 13:36 - 000000000 ____D C:\Users\DefaultAppPool
2018-06-26 16:06 - 2018-05-25 13:05 - 000000000 ____D C:\Program Files\NETGEAR Genie
2018-06-26 16:06 - 2018-05-04 19:21 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-06-26 16:06 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\SystemResources
2018-06-26 16:06 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-06-26 16:06 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-26 16:06 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\security
2018-06-26 16:06 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\appcompat
2018-06-26 16:06 - 2018-04-20 14:08 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-26 16:06 - 2017-03-20 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-06-26 16:03 - 2018-04-20 14:23 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-06-26 15:51 - 2018-04-20 14:08 - 000000000 ____D C:\WINDOWS\registration
2018-06-26 15:44 - 2013-11-20 20:34 - 000000000 ____D C:\Users\FluffyPup\AppData\LocalLow\Sun
2018-06-26 15:43 - 2016-07-29 23:24 - 000000000 ___DC C:\$GetCurrent
2018-06-26 15:43 - 2015-08-11 22:37 - 000000000 ____D C:\AdwCleaner
2018-06-26 15:43 - 2013-12-11 22:35 - 000000000 ____D C:\Update
2018-06-26 15:43 - 2013-11-15 21:14 - 000000000 ____D C:\Infineon
2018-06-22 12:42 - 2016-07-30 01:08 - 000000000 ___RD C:\Users\FluffyPup\OneDrive
2018-06-13 20:44 - 2018-05-04 19:21 - 000001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-13 20:36 - 2018-04-20 13:55 - 000524288 _____ C:\WINDOWS\system32\config\BBI(1929)
2018-06-08 14:21 - 2018-05-26 13:02 - 000128736 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2018-06-08 13:23 - 2018-04-20 14:01 - 000002226 _____ C:\Users\FluffyPup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-07 23:29 - 2016-07-29 20:39 - 000398126 __RSH C:\bootmgr
2018-06-05 16:24 - 2018-04-20 18:06 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-06-05 16:24 - 2018-04-20 18:06 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-04 13:50

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by FluffyPup (04-07-2018 15:37:22)
Running from G:\Mar2018CmptrClnTools
Microsoft Windows 10 Pro Version 1709 16299.492 (X86) (2018-04-20 20:44:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-1393598561-2828144486-4033361396-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-1393598561-2828144486-4033361396-503 - Limited - Disabled)
FluffyPup (S-1-5-21-1393598561-2828144486-4033361396-1000 - Administrator - Enabled) => C:\Users\FluffyPup
guest (S-1-5-21-1393598561-2828144486-4033361396-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1393598561-2828144486-4033361396-1005 - Limited - Enabled)
RepairUser (S-1-5-21-1393598561-2828144486-4033361396-1001 - Administrator - Enabled) => C:\Users\RepairUser
WDAGUtilityAccount (S-1-5-21-1393598561-2828144486-4033361396-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 172 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
LAN Setting Utility (HKLM\...\{5958CAC6-373E-402F-84FE-0A699AA920B9}) (Version: 1.1.00.11010 - Sony Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1393598561-2828144486-4033361396-1000\...\OneDriveSetup.exe) (Version: 18.095.0510.0001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x86 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.4.48.00 - NETGEAR Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
ReadySHARE Vault (HKLM\...\ReadySHARE Vault) (Version: 7.0 - Genie9)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
RogueKiller version 12.12.18.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.18.0 - Adlice Software)
Roxio Easy Media Creator 10 LJ (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Setting Utility Series (HKLM\...\{59452470-A902-477F-9338-9B88101681BD}) (Version: 2.1.00.16040 - Sony Corporation)
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.0.0.07280 - Sony Corporation)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
VAIO Camera Capture Utility (HKLM\...\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}) (Version: 2.3.00.15160 - Sony Corporation)
VAIO Camera Utility (HKLM\...\{1417F599-1DBD-4499-9375-B2813E9F890C}) (Version: 2.0.01.02070 - Sony Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-06-26] (AVAST Software)
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-06-26] (AVAST Software)
ContextMenuHandlers1: [RXDCExtSvr] -> {70D0238E-E029-4a94-B68D-182018B6C4FF} => C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt.dll [2009-07-11] (Sonic Solutions)
ContextMenuHandlers2: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9)
ContextMenuHandlers2: [RXDCExtSvr] -> {70D0238E-E029-4a94-B68D-182018B6C4FF} => C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt.dll [2009-07-11] (Sonic Solutions)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-06-26] (AVAST Software)
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-06-26] (AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [RXDCExtSvr] -> {70D0238E-E029-4a94-B68D-182018B6C4FF} => C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt.dll [2009-07-11] (Sonic Solutions)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22CD3781-AE3A-4EA7-BBD5-115DF77BA022} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {4B53DAA6-1C60-48DD-AD0F-D159ED178B52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-03] (Microsoft Corporation)
Task: {6F7126CC-5954-4278-A63C-269F02B2855E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-06-26] (AVAST Software)
Task: {7537AF45-4347-4BAE-9D98-D8C65910CD34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-03] (Microsoft Corporation)
Task: {86B1D4F0-0AB9-49D6-8862-D9EED460A43B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-03] (Microsoft Corporation)
Task: {B36862A5-5909-417F-B44E-F90B654EBD3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-03] (Microsoft Corporation)
Task: {B93F79F7-14A8-417B-8BDC-ECEDB65D757C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-26] (AVAST Software)
Task: {C996FA7F-CB0C-4BAD-8229-2BD8F543C0B5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 04:49 - 2017-09-29 04:49 - 000149840 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-05-26 13:02 - 2018-06-08 14:21 - 001930960 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-25 13:32 - 2016-12-18 05:38 - 000158208 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2018-05-25 13:32 - 2016-12-13 03:19 - 000038400 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2018-05-25 13:32 - 2016-12-18 05:38 - 000175104 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2018-05-25 13:32 - 2016-12-13 03:19 - 000080384 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2018-05-25 13:32 - 2016-12-18 05:38 - 000398336 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
2018-05-25 13:32 - 2012-02-02 02:16 - 000923136 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
2018-05-25 13:32 - 2013-02-03 04:40 - 000010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
2018-06-26 19:39 - 2018-06-07 22:38 - 007817728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-06-26 19:40 - 2018-06-07 22:35 - 001518592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-26 19:33 - 2018-06-26 19:33 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-06-26 19:30 - 2018-06-26 19:30 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-26 19:30 - 2018-06-26 19:30 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20495595.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55864653.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20495595.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55864653.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-20 14:09 - 2018-06-26 19:30 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1393598561-2828144486-4033361396-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3CBD98E7-CC15-4DA2-9DD0-E950F4C24ECC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{60B2C4F5-F556-4DD2-B99C-7C3927BCDB7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{32C5DA6B-1D6F-4180-B061-9FC172558990}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{F6202490-FCD1-4887-BE3B-C2069D93760A}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{0BA1D169-BED8-4049-9560-1D95E04ECDE9}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{9B5E4F69-E6A4-4F25-B529-58A06E723EB4}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{330F6E55-5EB5-4DA6-8B82-C7970E5A0171}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [{11FE6BB7-FF56-48AF-A822-AEFB7AEBFE51}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{BDB8DAFC-134C-48CF-A92B-0F42706F0DA6}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{A117B617-4C6A-4CF5-AD7B-20F731B7D37D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{3B5611B6-316E-41B4-8057-64F9775AC3EA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

19-06-2018 14:54:53 Scheduled Checkpoint
26-06-2018 14:57:23 After DNS issue started
26-06-2018 14:59:28 Restore Operation
04-07-2018 14:09:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2018 02:09:07 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Registry Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (07/04/2018 02:09:06 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (07/04/2018 02:09:06 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer COM+ REGDB Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (07/04/2018 02:09:06 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer WMI Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (07/04/2018 02:09:06 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer MSSearch Service Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (07/04/2018 02:09:06 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer System Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (06/26/2018 07:49:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/26/2018 07:49:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (07/04/2018 03:34:45 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (07/04/2018 03:34:45 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (07/04/2018 03:34:45 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (07/04/2018 03:34:45 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (07/04/2018 03:34:45 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (07/04/2018 03:34:45 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (07/04/2018 03:34:14 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (07/04/2018 03:34:14 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.


Windows Defender:
===================================
Date: 2018-06-26 16:23:50.342
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {824C5BC3-48C7-455B-A4CE-2A4B4AFA5E47}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-13 20:03:50.158
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F489760B-0680-4F9A-85FC-D5A862AAD560}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-26 12:33:24.364
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B27FFAB7-42D1-48A4-AD6B-D88BFD972253}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-26 12:17:57.255
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B7B322EC-C91C-403A-9F37-08EEA0AD4452}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-26 17:15:56.714
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1857.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-06-26 17:15:56.714
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1857.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-06-26 17:15:56.714
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1857.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-06-26 17:15:56.706
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1857.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-06-26 17:15:56.706
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1857.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-05-30 09:40:14.466
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-05-30 09:39:33.740
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-05-30 09:39:32.887
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-05-30 09:39:09.173
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-05-30 09:39:08.575
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-05-30 09:39:00.304
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-05-30 09:38:59.936
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-05-26 12:49:04.212
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod6805.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7700 @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 3062.3 MB
Available physical RAM: 1766.92 MB
Total Virtual: 3574.3 MB
Available Virtual: 2343.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:185.87 GB) (Free:51.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (JAN2016USB2) (Removable) (Total:29.73 GB) (Free:26.69 GB) FAT32

\\?\Volume{6e4e0fcd-0000-0000-0000-b0772e000000}\ () (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 186.3 GB) (Disk ID: 6E4E0FCD)
Partition 1: (Active) - (Size=185.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 29.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29.7 GB) - (Type=0C)

==================== End of Addition.txt ============================



#5 sasschary

sasschary

  • Malware Study Hall Senior
  • 803 posts
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:01:27 AM

Posted 06 July 2018 - 06:18 PM

Hello,

 

My name is Zach, and, though I generally go by Sasschary, you may call me whatever you want. I will be helping you get your computer working again. Please give me a little bit to look over the logs you posted, and I will post back here again as soon as I can.

 

Also, please be aware that I am currently in training, so all of my posts need to be reviewed before you can see them. As such, it may take a day or two for me to post my replies.

 

Sincerely,

Sasschary



#6 FluffyPup

FluffyPup
  • Topic Starter

  • Members
  • 194 posts
  • Gender:Female
  • Location:SoCal
  • Local time:10:27 PM

Posted 07 July 2018 - 12:43 AM

Appreciate your help Sasschary.

 

You should know the computer has run into further issues; I also just realized it is running Windows Insider version.

What happened was today on bootup, a blue screen labeled "Automatic Repair" appeared.

It said automatic repair couldn't repair the PC.  So, I just restarted it.

Then a green screen appeared

"Sorry your Windows Insider Build ran into .... gathering information.... "

Didn't catch all it said.  Flashed by too quick for me.  Then the computer went to a black screen saying "Preparing Automatic Repair", then to "Diagnosing your PC"

Now it is back to the blue screen labeled "Automatic Repair".  I just shut it off.

Waiting for further instructions.

Take your time, no rush.



#7 sasschary

sasschary

  • Malware Study Hall Senior
  • 803 posts
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:01:27 AM

Posted 07 July 2018 - 12:29 PM

Hi FluffyPup,

I am not seeing any signs of infection on your system. However, we will see what we can do about your other problems. As for the questions in your original post:

  • Yes, the page you saw is just another of the fake Microsoft support scams. As long as you did not call the company and give them access to your computer, your computer shouldn't be at risk due to the popup.
  • I believe that these issues may be due to the fact that you're running an Insider build of Windows. This, unfortunately, is not where I am most comfortable working, so I will probably end up referring you to the Windows support area of BC.
  • Nope, your scans didn't miss anything.
  • While theoretically it is possible for malware to spread through the network (which is called a worm), it is unlikely that you have a worm, and you need not worry about your other devices on the network. Just as a warning for the future, though, if you do believe you are infected, it is a good idea to disconnect from the network so that a worm doesn't spread and there is no possibility of downloading any further malware to your system.
  • Please see below for the steps I suggest next.

The only suggestion I really have is to try and let automatic repair run for a bit. Leave it, even if it says it can't fix it, and let it restart itself a couple times, and see if anything changes. If it just continues to fail to fix itself, then, as I said, I think the best thing to do would be to start a post in the Windows forum of BC, where there are people who will likely be more comfortable helping with this issue. When posting, please be sure to include a link to this thread so that helpers there know a bit more about your issues and what has been attempted already.

Sorry I can't be more help!

In your next reply, please include the following:

  • Did Automatic Repair fix your issues?

sasschary



#8 FluffyPup

FluffyPup
  • Topic Starter

  • Members
  • 194 posts
  • Gender:Female
  • Location:SoCal
  • Local time:10:27 PM

Posted 08 July 2018 - 02:58 PM

Thanks for looking through my logs, sasschary.

I have been letting the Automatic Repairs run a few times.

Each time I am still getting the Green screen (I guess this is Windows Insider edition's version of a BSOD)

I have run various Advanced Options, Troubleshooting options.  Doesn't get far, Green screens appear

I am currently trying a System Restore point.  Hopefully that fixes issues.  If not, it is over to BC's area as you suggested.

Thank you again for your help,

FP



#9 sasschary

sasschary

  • Malware Study Hall Senior
  • 803 posts
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:01:27 AM

Posted 08 July 2018 - 08:50 PM

You're welcome. I wish you luck in solving your issue!

 

Sasschary



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:27 AM

Posted 09 July 2018 - 02:13 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




