Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by sylvania (21-01-2018 12:54:57)
Running from C:\Users\sylvania\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-29 20:52:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2400762992-834235184-972392584-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2400762992-834235184-972392584-503 - Limited - Disabled)
Guest (S-1-5-21-2400762992-834235184-972392584-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2400762992-834235184-972392584-1003 - Limited - Enabled)
sylvania (S-1-5-21-2400762992-834235184-972392584-1001 - Administrator - Enabled) => C:\Users\sylvania
WDAGUtilityAccount (S-1-5-21-2400762992-834235184-972392584-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Reader XI (11.0.23) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated) Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated) CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation) iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.) 
Main Services (HKLM-x32\...\{9A9DEF90-72CE-43F8-A995-E42DCB0D5EA1}) (Version: 1.2.9 - System Native) Hidden <==== ATTENTION MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office Standard 2016 (HKLM\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) 
(Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team) Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.) Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.) 
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung ) Spotify (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB) Update for Skype for Business 2016 (KB4011623) 64-Bit Edition (HKLM\...\{90160000-0012-0000-1000-0000000FF1CE}_Office16.STANDARD_{1C1EDA98-E4A1-4D14-BA2F-2C5D7366373A}) (Version: - Microsoft) Windows Driver Package - AMD (amdkmpfd) System (08/29/2016 16.40.0.0000) (HKLM\...\8A3FB89402FAD77EBB8F2812861E1F298156098C) (Version: 08/29/2016 16.40.0.0000 - AMD) Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Windows Driver Package - Intel (ICCWDT) System (03/13/2016 11.0.0.1010) (HKLM\...\262F224EEDD1DB9B9F2CC1808546760F1633498C) (Version: 03/13/2016 11.0.0.1010 - Intel) Windows Driver Package - Intel (MEIx64) System (09/15/2016 11.6.0.1032) (HKLM\...\E206CA2BD4638C0CFF7D6D2C71F67F757D5FBCE2) (Version: 09/15/2016 11.6.0.1032 - Intel) Windows Driver Package - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\12B3AEBAC72FCBF7760C5BE0C978D67FCCF66C3A) (Version: 10/03/2016 10.1.1.38 - INTEL) Windows Driver Package - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\97077B7F26CCDFC1BC77C772D0AE8623934004EB) (Version: 10/03/2016 10.1.1.38 - INTEL) Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device (07/14/2016 6.2.84.276) (HKLM\...\4793ED4F0CFB9806CAB4A59B5B74C1F5AADEDF1A) (Version: 07/14/2016 6.2.84.276 - IVT Corporation) Windows Driver Package - LG Electronics Inc. 
(Serial) Ports (03/05/2015 6.3.9600.4) (HKLM\...\23D08292B2639E56E3531B935E22B475F6700AAA) (Version: 03/05/2015 6.3.9600.4 - LG Electronics Inc.) Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (08/11/2016 10.0.0.345) (HKLM\...\4082E5FB23D5C8B55E96800A42966C93C3ED3D94) (Version: 08/11/2016 10.0.0.345 - Qualcomm Atheros Communications Inc.) Windows Driver Package - Realtek (rt640x64) Net (10/07/2016 10.012.1007.2016) (HKLM\...\307C1523E32D7B4E2A9F1BC356413497659E6906) (Version: 10/07/2016 10.012.1007.2016 - Realtek) Windows Driver Package - Realtek Semiconduct Corp. (RSPCIESTOR) MTD (11/05/2015 10.0.10240.28159) (HKLM\...\6870E744E53EC74395FFE6CAA6114157F9450CEC) (Version: 11/05/2015 10.0.10240.28159 - Realtek Semiconduct Corp.) Windows Driver Package - Render (rdacpi) HIDClass (07/12/2016 15.58.20.163) (HKLM\...\8BE61485D5A6FEB86C5ED05D99B4964F68536448) (Version: 07/12/2016 15.58.20.163 - Render) Windows Driver Package - Teclast Firmware (04/07/2016 10.0.10240.303) (HKLM\...\BB3851F92871768FAB22254B67079ABA44D42801) (Version: 04/07/2016 10.0.10240.303 - Teclast) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation) ContextMenuHandlers2: [MEGA (Context menu)] -> 
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-12-29] (Intel Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {015FB16F-C445-420C-95F7-95D08DA02A30} - System32\Tasks\MAndnoid => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\MAndnoid\MAndnoid.dll",KagZyluac <==== ATTENTION Task: {072FCC2B-D313-44EE-B379-74168ADCF076} - System32\Tasks\GoogleUpdateSecurityTaskMachine_RC => C:\Users\sylvania\AppData\Roaming\240e403a56ce48ff959050de1779ae41\chipset.exe exec hide CCHRXSFIFC.cmd <==== ATTENTION Task: {0A022759-4106-46EC-97B4-5D69522805C9} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2400762992-834235184-972392584-1001 => C:\Users\sylvania\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-19] (Mega Limited) Task: {0DC37176-4D2F-4067-8D32-A23A1030A768} - System32\Tasks\k41492113 => C:\Program Files (x86)\prancer\prancer.exe Task: {1A5217E1-C498-461F-A06C-67CC443AC9A8} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HO => C:\Users\sylvania\AppData\Roaming\46fdfd7893ed431e9266132606b9faed\chipset.exe exec hide OUOHPHRXPB.cmd <==== ATTENTION Task: {3509B144-F3FC-47A6-B99D-3A7A8372646D} - System32\Tasks\Unreal Tournament System => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Unreal Tournament System\Unreal Tournament System.dll",DuMAuBY <==== ATTENTION Task: {35BE92FA-70C2-45F5-BB8F-ABF996B3AB11} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UP => C:\Users\sylvania\AppData\Local\f242f081524444d6bef341ea63e30225\chipset.exe exec hide NSMPNQGYAN.cmd <==== ATTENTION Task: {3EC0033B-3370-4733-84EB-10C3D464B24D} - System32\Tasks\88418848 => C:\Users\sylvania\AppData\Local\hawaiian.exe <==== ATTENTION Task: {5D01E282-0EEF-48D4-A1B9-DF39D164EE7A} - System32\Tasks\MicrosoftUpd => C:\ProgramData\MicrosoftUpd.exe <==== ATTENTION Task: {62986C60-682D-47A7-A3F2-6336A0A7AB7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation) Task: {68CF6E51-74BE-43CE-9238-85E11C41F4BD} - System32\Tasks\Microsoft\Windows\Windows 
Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation) Task: {68D47E07-5B30-4370-AD36-9F066B16B564} - System32\Tasks\Mouse Video Converter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Mouse Video Converter\Mouse Video Converter.dll",nZajaVdtGGmp <==== ATTENTION Task: {7088B7C3-248B-4C76-914E-AB9189D0DE98} - System32\Tasks\23421212342121 => C:\Program Files (x86)\volpi\correlations.exe <==== ATTENTION Task: {7F9D066E-48E2-4862-8FBF-574045C8EFD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {8BB084E7-85D8-4507-8DF4-F3F20D469DC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation) Task: {8E5EC416-0C21-4461-8421-B0F4358DE3DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.) 
Task: {8F437DF9-F650-4F8C-81B1-01B33EEEBC37} - System32\Tasks\8841884888418848 => C:\Users\sylvania\AppData\Local\correlations.exe <==== ATTENTION Task: {93280F81-3705-4A55-A07B-D336A1D8F511} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd) Task: {96AB4E49-0CE9-44A5-9C24-1AAA847DC502} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd) Task: {98E9D453-9E6A-4397-9C9F-0363B15D7D00} - System32\Tasks\5the-StoryPDF => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\5the-StoryPDF\5the-StoryPDF.dll",PqMfKgc <==== ATTENTION Task: {A6D298CF-E2E7-45D3-8EB2-59BE56F206AF} - System32\Tasks\2342121 => C:\Program Files (x86)\Prune\hawaiian.exe <==== ATTENTION Task: {B3738D91-2C51-4462-970D-317C6037E48B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated) Task: {B94D0EA6-32CC-4439-A59A-83BC922EA69F} - System32\Tasks\4149211341492113 => C:\Program Files (x86)\Peh\correlations.exe <==== ATTENTION Task: {BA1ED955-A2B0-41B6-8E93-75F6398430F1} - System32\Tasks\FreeAntiVirus => C:\WINDOWS\explorer.exe "hxxp://destyy.com/qNHR3u" <==== ATTENTION Task: {BAAECB41-A9EC-4047-9C22-CD622CF36588} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {C49FE0E1-70A6-47B0-A5A9-D8DEE2C5DA95} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-12-29] (Realtek Semiconductor) Task: {C70A1192-21DA-4F4A-8558-E0B01ECE7D37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.) 
Task: {D4F6157E-D830-44F8-B496-5A21B41C7435} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation) Task: {DB5BCFD7-3048-404A-874A-7D2691407738} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AN => C:\Users\sylvania\AppData\Roaming\37c695d4924440dcbd07c800b3d8eab3\chipset.exe exec hide QKASIHBDFV.cmd <==== ATTENTION Task: {E1C71B97-2836-4369-BB76-8DD9B72F755F} - System32\Tasks\Guard => C:\Program Files (x86)\System Native\Main Services\Guard.exe <==== ATTENTION Task: {F3FFC702-2A04-4223-93E8-4CCF6634E93F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {F5EF4418-8A45-4FA9-9ABF-3E402704BD02} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HT => C:\Users\sylvania\AppData\Roaming\3a8c3ef3fd414bff8a3e5a34158aceae\chipset.exe exec hide AHCWRJOCHC.cmd <==== ATTENTION Task: {F753E39E-3850-40B4-8EBA-D39731575138} - System32\Tasks\41492113 => C:\Program Files (x86)\Peh\hawaiian.exe <==== ATTENTION Task: {FC9165A1-9AFD-4386-ACD2-80B6F4924291} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\sylvania\Desktop\HPC07DC0 (HP ENVY 7640 series) - Shortcut.lnk -> hxxp://192.168.223. 
==================== Loaded Modules (Whitelisted) ============== 2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2018-01-19 22:12 - 2015-06-01 14:11 - 002447872 _____ () C:\Program Files\Mouse Video Converter\Mouse Video Converter.dll 2017-12-23 16:55 - 2016-03-09 16:18 - 000025088 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniSys.dll 2017-12-23 16:55 - 2016-03-09 16:18 - 002513920 _____ () C:\Program Files\SAMSUNG\Samsung Link\scone_proxy.dll 2017-12-23 16:55 - 2016-03-09 16:18 - 002436096 _____ () C:\Program Files\SAMSUNG\Samsung Link\scone_stub.dll 2016-11-01 23:05 - 2017-12-29 16:23 - 000385064 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-10-18 16:51 - 2017-10-18 16:51 - 000598528 _____ () C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll 2017-12-30 16:01 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-12-30 16:00 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-12-23 16:55 - 2016-03-09 16:18 - 000049664 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniIO.dll 2018-01-08 21:15 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll 2018-01-08 21:15 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll 2017-12-08 10:22 - 2017-12-08 10:22 - 000102088 _____ () C:\Users\sylvania\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll 2016-12-24 12:52 - 2018-01-17 15:15 - 068214160 _____ () C:\Users\sylvania\AppData\Roaming\Spotify\libcef.dll 2016-12-24 12:52 - 2018-01-17 15:15 - 003112848 _____ () C:\Users\sylvania\AppData\Roaming\Spotify\libglesv2.dll 2016-12-24 12:52 - 2018-01-17 15:15 - 000089488 _____ () C:\Users\sylvania\AppData\Roaming\Spotify\libegl.dll 2017-09-10 15:51 - 2017-09-10 15:51 - 000798208 _____ () 
C:\Users\sylvania\AppData\Local\MEGAsync\libsodium.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-21 20:42 - 2018-01-16 10:30 - 000038371 ____R C:\WINDOWS\system32\Drivers\etc\hosts There are 1055 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2400762992-834235184-972392584-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sylvania\Pictures\fotos cell syl\CAM01711 - Copy.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\StartupFolder: => ".ggmappltlpggm.vbs" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton" HKLM\...\StartupApproved\Run: => "ggmUEU1TWs" HKLM\...\StartupApproved\Run: => "AvastUI.exe" HKLM\...\StartupApproved\Run: => "maverickssamia" HKLM\...\StartupApproved\Run: => "mavericksmavericks" HKLM\...\StartupApproved\Run: => "mavericks" HKLM\...\StartupApproved\Run: => "KICTHEN" HKLM\...\StartupApproved\Run32: => "hanfordhagan" HKLM\...\StartupApproved\Run32: => "hanfordhanford" HKLM\...\StartupApproved\Run32: => "hanford" HKLM\...\StartupApproved\Run32: => "SpywareTerminatorUpdater" HKLM\...\StartupApproved\Run32: => "SecurityHealth" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "wantingwanting.lnk" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "wanting.lnk" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "1ezVUuyAC.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "2qAwaduHQc.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "A2SOzXsXASHIih.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "BDVSGFEEIN.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "c3NJhEdNA.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "CCHRXSFIFC.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "FrostyCherry" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "dolsaw" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "countenanced" 
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "LxmtWX1cwxxn.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "QKASIHBDFV.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "qygYsJujJArPui.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "sfoNwY4W.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "tyBPdA2maz.exe" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "vibrators" HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B2B90136-512B-4E56-85FD-FF2EBD02AB76}] => (Allow) C:\WINDOWS\SYSTEM32\RUNDLL32.EXE FirewallRules: [TCP Query User{934C87D7-ADAA-4815-9EE4-FDE5A1E6348A}C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{52F64507-B5D9-465F-B4C2-E1FB5E09DE96}C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{181F6794-D2A1-4217-9519-D624A15F8E2A}C:\program files\samsung\samsung link\samsung link tray agent.exe] => (Allow) C:\program files\samsung\samsung link\samsung link tray agent.exe FirewallRules: [UDP Query User{19372658-74E9-4ED9-B43C-82399E792318}C:\program files\samsung\samsung link\samsung link tray agent.exe] => (Allow) C:\program files\samsung\samsung link\samsung link tray agent.exe FirewallRules: [TCP Query User{AE7AFA1E-6405-4BB7-93A4-45F1E0445A08}C:\users\sylvania\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sylvania\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query 
User{A0A153EE-54A3-4249-A81C-D082B39C8AEA}C:\users\sylvania\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sylvania\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C6D029D4-AA20-4075-A4A7-7D9B1759BAB3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3D5B859C-7B85-4C14-9BAB-64A9BA4A0CA5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{3B367B0E-446B-4465-AEB5-CA874FB401B3}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{B1C92FA6-D2C1-4DF9-A6F1-DC8C26F28E0E}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Teclast System Firmware 303
Description: Teclast System Firmware 303
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Teclast
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2018 12:52:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 63.0.3239.132 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 37c Start Time: 01d392dee311d922 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: 4b9e16a8-8d68-4025-b95f-eb9a816c69ce Faulting package full name: Faulting package-relative application ID: Error: (01/21/2018 12:26:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program uTorrent.exe version 3.5.1.44332 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3030 Start Time: 01d392dcd60e2dfb Termination Time: 4294967295 Application Path: C:\Users\sylvania\AppData\Roaming\uTorrent\uTorrent.exe Report Id: c9dd7a3c-ac69-4c5c-bd79-34c7c6f62144 Faulting package full name: Faulting package-relative application ID: Error: (01/21/2018 12:25:13 PM) (Source: TrueKey) (EventID: 0) (User: ) Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database at System.Data.SQLite.SQLiteConnection.Open() at McAfee.YAP.Service.Data.McBioSQLite.GetConnection() at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value) at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode() at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription) at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (01/21/2018 12:13:39 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/20/2018 10:22:51 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Unable to initialize the filter host process. Terminating. Details: This operation returned because the timeout period expired. 
(HRESULT : 0x800705b4) (0x800705b4)

Error: (01/20/2018 05:55:45 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
Details: This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (01/20/2018 12:49:49 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/20/2018 12:01:48 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/20/2018 01:22:14 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/19/2018 10:11:26 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty.
Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

System errors:
=============
Error: (01/21/2018 12:40:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 12:40:12 PM) (Source: DCOM) (EventID: 10016) (User: KICTHEN)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user kicthen\sylvania SID (S-1-5-21-2400762992-834235184-972392584-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/21/2018 12:35:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 12:27:04 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:27:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/21/2018 12:26:46 PM) (Source: DCOM) (EventID: 10016) (User: KICTHEN)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user kicthen\sylvania SID (S-1-5-21-2400762992-834235184-972392584-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).
This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2018-01-15 17:29:23.261
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 16:19:58.363
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 16:19:58.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 14:23:21.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 14:23:20.934
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system.
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:29:05.085
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:24:16.277
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:18:03.919
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 13:18:03.546
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 12:28:05.553
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system.
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 54%
Total physical RAM: 8109.69 MB
Available physical RAM: 3694.88 MB
Total Virtual: 16301.69 MB
Available Virtual: 10598.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:860 GB) (Free:529.29 GB) NTFS
Drive k: (Backup) (Fixed) (Total:59.37 GB) (Free:13.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C0819675)
Partition: GPT.

==================== End of Addition.txt ============================