Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018
Ran by sylvania (24-01-2018 20:41:31)
Running from C:\Users\sylvania\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-29 20:52:05)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2400762992-834235184-972392584-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2400762992-834235184-972392584-503 - Limited - Disabled)
Guest (S-1-5-21-2400762992-834235184-972392584-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2400762992-834235184-972392584-1003 - Limited - Enabled)
sylvania (S-1-5-21-2400762992-834235184-972392584-1001 - Administrator - Enabled) => C:\Users\sylvania
WDAGUtilityAccount (S-1-5-21-2400762992-834235184-972392584-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Reader XI (11.0.23) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CrystalDiskMark 5.5.0 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.5.0 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\{076D9EC4-5DF0-3179-AB3E-33D96C705980}) (Version: 63.0.3239.132 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Main Services (HKLM-x32\...\{9A9DEF90-72CE-43F8-A995-E42DCB0D5EA1}) (Version: 1.2.9 - System Native) Hidden <==== ATTENTION
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Standard 2016 (HKLM\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0 (x64 en-US)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.1.0 - Adlice Software)
Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Spotify (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Update for Skype for Business 2016 (KB4011623) 64-Bit Edition (HKLM\...\{90160000-0012-0000-1000-0000000FF1CE}_Office16.STANDARD_{1C1EDA98-E4A1-4D14-BA2F-2C5D7366373A}) (Version: - Microsoft)
Windows Driver Package - AMD (amdkmpfd) System (08/29/2016 16.40.0.0000) (HKLM\...\8A3FB89402FAD77EBB8F2812861E1F298156098C) (Version: 08/29/2016 16.40.0.0000 - AMD)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - Intel (ICCWDT) System (03/13/2016 11.0.0.1010) (HKLM\...\262F224EEDD1DB9B9F2CC1808546760F1633498C) (Version: 03/13/2016 11.0.0.1010 - Intel)
Windows Driver Package - Intel (MEIx64) System (09/15/2016 11.6.0.1032) (HKLM\...\E206CA2BD4638C0CFF7D6D2C71F67F757D5FBCE2) (Version: 09/15/2016 11.6.0.1032 - Intel)
Windows Driver Package - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\12B3AEBAC72FCBF7760C5BE0C978D67FCCF66C3A) (Version: 10/03/2016 10.1.1.38 - INTEL)
Windows Driver Package - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\97077B7F26CCDFC1BC77C772D0AE8623934004EB) (Version: 10/03/2016 10.1.1.38 - INTEL)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device (07/14/2016 6.2.84.276) (HKLM\...\4793ED4F0CFB9806CAB4A59B5B74C1F5AADEDF1A) (Version: 07/14/2016 6.2.84.276 - IVT Corporation)
Windows Driver Package - LG Electronics Inc. (Serial) Ports (03/05/2015 6.3.9600.4) (HKLM\...\23D08292B2639E56E3531B935E22B475F6700AAA) (Version: 03/05/2015 6.3.9600.4 - LG Electronics Inc.)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (08/11/2016 10.0.0.345) (HKLM\...\4082E5FB23D5C8B55E96800A42966C93C3ED3D94) (Version: 08/11/2016 10.0.0.345 - Qualcomm Atheros Communications Inc.)
Windows Driver Package - Realtek (rt640x64) Net (10/07/2016 10.012.1007.2016) (HKLM\...\307C1523E32D7B4E2A9F1BC356413497659E6906) (Version: 10/07/2016 10.012.1007.2016 - Realtek)
Windows Driver Package - Realtek Semiconduct Corp. (RSPCIESTOR) MTD (11/05/2015 10.0.10240.28159) (HKLM\...\6870E744E53EC74395FFE6CAA6114157F9450CEC) (Version: 11/05/2015 10.0.10240.28159 - Realtek Semiconduct Corp.)
Windows Driver Package - Render (rdacpi) HIDClass (07/12/2016 15.58.20.163) (HKLM\...\8BE61485D5A6FEB86C5ED05D99B4964F68536448) (Version: 07/12/2016 15.58.20.163 - Render)
Windows Driver Package - Teclast Firmware (04/07/2016 10.0.10240.303) (HKLM\...\BB3851F92871768FAB22254B67079ABA44D42801) (Version: 04/07/2016 10.0.10240.303 - Teclast)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [
MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [
MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [
MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [
MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [
MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [
MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-12-29] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A022759-4106-46EC-97B4-5D69522805C9} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2400762992-834235184-972392584-1001 => C:\Users\sylvania\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-19] (Mega Limited)
Task: {614C7D24-8119-46C9-9C98-06D5305DDBA5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {62986C60-682D-47A7-A3F2-6336A0A7AB7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {68CF6E51-74BE-43CE-9238-85E11C41F4BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {7F9D066E-48E2-4862-8FBF-574045C8EFD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {83159E77-F866-4CC2-A5CE-30CC6658AEE4} - System32\Tasks\Mouse Video Converter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Mouse Video Converter\Mouse Video Converter.dll",nZajaVdtGGmp <==== ATTENTION
Task: {8BB084E7-85D8-4507-8DF4-F3F20D469DC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {8E5EC416-0C21-4461-8421-B0F4358DE3DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {93280F81-3705-4A55-A07B-D336A1D8F511} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {96AB4E49-0CE9-44A5-9C24-1AAA847DC502} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {98E9D453-9E6A-4397-9C9F-0363B15D7D00} - System32\Tasks\5the-StoryPDF => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\5the-StoryPDF\5the-StoryPDF.dll",PqMfKgc <==== ATTENTION
Task: {B3738D91-2C51-4462-970D-317C6037E48B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {BAAECB41-A9EC-4047-9C22-CD622CF36588} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C49FE0E1-70A6-47B0-A5A9-D8DEE2C5DA95} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-12-29] (Realtek Semiconductor)
Task: {C70A1192-21DA-4F4A-8558-E0B01ECE7D37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {D2B1447E-6916-4CB5-9CD4-720492C2B7AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {D4F6157E-D830-44F8-B496-5A21B41C7435} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {DE4C0667-416B-47F0-B292-A72E3DB25C0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {F3FFC702-2A04-4223-93E8-4CCF6634E93F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FC9165A1-9AFD-4386-ACD2-80B6F4924291} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\sylvania\Desktop\HPC07DC0 (HP ENVY 7640 series) - Shortcut.lnk -> hxxp://192.168.223.

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-18 16:51 - 2017-10-18 16:51 - 000598528 _____ () C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll
2017-07-11 07:03 - 2017-07-11 07:03 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-12-30 16:01 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-30 16:00 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-18 16:26 - 2018-01-18 17:57 - 000015360 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
2018-01-18 16:26 - 2018-01-18 17:56 - 007322624 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\WhatsNew.Store.dll
2018-01-18 16:26 - 2018-01-18 17:56 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-01-18 16:26 - 2018-01-18 17:56 - 000023552 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\SkuInterop.dll
2016-12-21 20:17 - 2016-12-21 20:17 - 000200704 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2400762992-834235184-972392584-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sylvania\Pictures\fotos cell syl\CAM01711 - Copy.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => ".ggmappltlpggm.vbs"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "ggmUEU1TWs"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "maverickssamia"
HKLM\...\StartupApproved\Run: => "mavericksmavericks"
HKLM\...\StartupApproved\Run: => "mavericks"
HKLM\...\StartupApproved\Run: => "KICTHEN"
HKLM\...\StartupApproved\Run32: => "hanfordhagan"
HKLM\...\StartupApproved\Run32: => "hanfordhanford"
HKLM\...\StartupApproved\Run32: => "hanford"
HKLM\...\StartupApproved\Run32: => "SpywareTerminatorUpdater"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "wantingwanting.lnk"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "wanting.lnk"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "1ezVUuyAC.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "2qAwaduHQc.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "A2SOzXsXASHIih.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "BDVSGFEEIN.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "c3NJhEdNA.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "CCHRXSFIFC.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "FrostyCherry"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "dolsaw"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "countenanced"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "LxmtWX1cwxxn.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "QKASIHBDFV.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "qygYsJujJArPui.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "sfoNwY4W.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "tyBPdA2maz.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "vibrators"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B2B90136-512B-4E56-85FD-FF2EBD02AB76}] => (Allow) C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
FirewallRules: [TCP Query User{934C87D7-ADAA-4815-9EE4-FDE5A1E6348A}C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{52F64507-B5D9-465F-B4C2-E1FB5E09DE96}C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{181F6794-D2A1-4217-9519-D624A15F8E2A}C:\program files\samsung\samsung link\samsung link tray agent.exe] => (Allow) C:\program files\samsung\samsung link\samsung link tray agent.exe
FirewallRules: [UDP Query User{19372658-74E9-4ED9-B43C-82399E792318}C:\program files\samsung\samsung link\samsung link tray agent.exe] => (Allow) C:\program files\samsung\samsung link\samsung link tray agent.exe
FirewallRules: [TCP Query User{AE7AFA1E-6405-4BB7-93A4-45F1E0445A08}C:\users\sylvania\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sylvania\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A0A153EE-54A3-4249-A81C-D082B39C8AEA}C:\users\sylvania\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sylvania\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C6D029D4-AA20-4075-A4A7-7D9B1759BAB3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3D5B859C-7B85-4C14-9BAB-64A9BA4A0CA5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{AE0ED82B-1916-4B86-A7C3-6C7A2C40A38B}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{E131AF14-81A1-4A83-B0E4-A7EC45A3C5BF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{979C62DE-2F12-4F55-B659-854A42A0218A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E8501E6B-F361-4FA3-BA39-A66B0CD29EE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AEF8BE3C-A8CA-4521-9C9D-FDC4E362EE40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teclast System Firmware 303
Description: Teclast System Firmware 303
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Teclast
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2018 08:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.16299.15, time stamp: 0xc7c54b6c
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x6dead514
Exception code: 0xc0000005
Fault offset: 0x0000000000097c77
Faulting process id: 0x1d94
Faulting application start time: 0x01d3957bb88776ed
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3344e1c9-c961-4382-9351-01296e6fb9f4
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2018 08:28:36 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/24/2018 08:28:36 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/24/2018 08:28:17 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/24/2018 08:28:17 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/24/2018 12:26:27 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/23/2018 11:40:46 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
at System.Data.SQLite.SQLiteConnection.Open()
at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/23/2018 11:13:01 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
at System.Data.SQLite.SQLiteConnection.Open()
at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/23/2018 10:21:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/23/2018 10:14:36 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
at System.Data.SQLite.SQLiteConnection.Open()
at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (01/24/2018 08:41:47 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/24/2018 08:41:41 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:41:29 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:41:26 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.WamProviderRegistration

Error: (01/24/2018 08:40:26 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:40:18 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:40:09 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:39:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (01/24/2018 08:39:17 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/24/2018 08:39:16 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
Date: 2018-01-15 17:29:23.261
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 16:19:58.363
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 16:19:58.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 14:23:21.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 14:23:20.934
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:29:05.085
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:24:16.277
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:18:03.919
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:18:03.546
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 12:28:05.553
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 8109.69 MB
Available physical RAM: 6108.23 MB
Total Virtual: 16301.69 MB
Available Virtual: 14548.35 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:860 GB) (Free:540.71 GB) NTFS
Drive k: (Backup) (Fixed) (Total:59.37 GB) (Free:13.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C0819675)

Partition: GPT.

==================== End of Addition.txt ============================