Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018
Ran by sylvania (24-01-2018 20:41:31)
Running from C:\Users\sylvania\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-29 20:52:05)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2400762992-834235184-972392584-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2400762992-834235184-972392584-503 - Limited - Disabled)
Guest (S-1-5-21-2400762992-834235184-972392584-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2400762992-834235184-972392584-1003 - Limited - Enabled)
sylvania (S-1-5-21-2400762992-834235184-972392584-1001 - Administrator - Enabled) => C:\Users\sylvania
WDAGUtilityAccount (S-1-5-21-2400762992-834235184-972392584-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Reader XI (11.0.23) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CrystalDiskMark 5.5.0 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.5.0 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\{076D9EC4-5DF0-3179-AB3E-33D96C705980}) (Version: 63.0.3239.132 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Main Services (HKLM-x32\...\{9A9DEF90-72CE-43F8-A995-E42DCB0D5EA1}) (Version: 1.2.9 - System Native) Hidden <==== ATTENTION
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Standard 2016 (HKLM\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0 (x64 en-US)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.1.0 - Adlice Software)
Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Spotify (HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Update for Skype for Business 2016 (KB4011623) 64-Bit Edition (HKLM\...\{90160000-0012-0000-1000-0000000FF1CE}_Office16.STANDARD_{1C1EDA98-E4A1-4D14-BA2F-2C5D7366373A}) (Version: - Microsoft)
Windows Driver Package - AMD (amdkmpfd) System (08/29/2016 16.40.0.0000) (HKLM\...\8A3FB89402FAD77EBB8F2812861E1F298156098C) (Version: 08/29/2016 16.40.0.0000 - AMD)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - Intel (ICCWDT) System (03/13/2016 11.0.0.1010) (HKLM\...\262F224EEDD1DB9B9F2CC1808546760F1633498C) (Version: 03/13/2016 11.0.0.1010 - Intel)
Windows Driver Package - Intel (MEIx64) System (09/15/2016 11.6.0.1032) (HKLM\...\E206CA2BD4638C0CFF7D6D2C71F67F757D5FBCE2) (Version: 09/15/2016 11.6.0.1032 - Intel)
Windows Driver Package - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\12B3AEBAC72FCBF7760C5BE0C978D67FCCF66C3A) (Version: 10/03/2016 10.1.1.38 - INTEL)
Windows Driver Package - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\97077B7F26CCDFC1BC77C772D0AE8623934004EB) (Version: 10/03/2016 10.1.1.38 - INTEL)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device (07/14/2016 6.2.84.276) (HKLM\...\4793ED4F0CFB9806CAB4A59B5B74C1F5AADEDF1A) (Version: 07/14/2016 6.2.84.276 - IVT Corporation)
Windows Driver Package - LG Electronics Inc. (Serial) Ports (03/05/2015 6.3.9600.4) (HKLM\...\23D08292B2639E56E3531B935E22B475F6700AAA) (Version: 03/05/2015 6.3.9600.4 - LG Electronics Inc.)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (08/11/2016 10.0.0.345) (HKLM\...\4082E5FB23D5C8B55E96800A42966C93C3ED3D94) (Version: 08/11/2016 10.0.0.345 - Qualcomm Atheros Communications Inc.)
Windows Driver Package - Realtek (rt640x64) Net (10/07/2016 10.012.1007.2016) (HKLM\...\307C1523E32D7B4E2A9F1BC356413497659E6906) (Version: 10/07/2016 10.012.1007.2016 - Realtek)
Windows Driver Package - Realtek Semiconduct Corp. (RSPCIESTOR) MTD (11/05/2015 10.0.10240.28159) (HKLM\...\6870E744E53EC74395FFE6CAA6114157F9450CEC) (Version: 11/05/2015 10.0.10240.28159 - Realtek Semiconduct Corp.)
Windows Driver Package - Render (rdacpi) HIDClass (07/12/2016 15.58.20.163) (HKLM\...\8BE61485D5A6FEB86C5ED05D99B4964F68536448) (Version: 07/12/2016 15.58.20.163 - Render)
Windows Driver Package - Teclast Firmware (04/07/2016 10.0.10240.303) (HKLM\...\BB3851F92871768FAB22254B67079ABA44D42801) (Version: 04/07/2016 10.0.10240.303 - Teclast)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-12-29] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A022759-4106-46EC-97B4-5D69522805C9} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2400762992-834235184-972392584-1001 => C:\Users\sylvania\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-19] (Mega Limited)
Task: {614C7D24-8119-46C9-9C98-06D5305DDBA5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {62986C60-682D-47A7-A3F2-6336A0A7AB7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {68CF6E51-74BE-43CE-9238-85E11C41F4BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {7F9D066E-48E2-4862-8FBF-574045C8EFD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {83159E77-F866-4CC2-A5CE-30CC6658AEE4} - System32\Tasks\Mouse Video Converter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Mouse Video Converter\Mouse Video Converter.dll",nZajaVdtGGmp <==== ATTENTION
Task: {8BB084E7-85D8-4507-8DF4-F3F20D469DC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {8E5EC416-0C21-4461-8421-B0F4358DE3DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {93280F81-3705-4A55-A07B-D336A1D8F511} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {96AB4E49-0CE9-44A5-9C24-1AAA847DC502} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {98E9D453-9E6A-4397-9C9F-0363B15D7D00} - System32\Tasks\5the-StoryPDF => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\5the-StoryPDF\5the-StoryPDF.dll",PqMfKgc <==== ATTENTION
Task: {B3738D91-2C51-4462-970D-317C6037E48B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {BAAECB41-A9EC-4047-9C22-CD622CF36588} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C49FE0E1-70A6-47B0-A5A9-D8DEE2C5DA95} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-12-29] (Realtek Semiconductor)
Task: {C70A1192-21DA-4F4A-8558-E0B01ECE7D37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {D2B1447E-6916-4CB5-9CD4-720492C2B7AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {D4F6157E-D830-44F8-B496-5A21B41C7435} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {DE4C0667-416B-47F0-B292-A72E3DB25C0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {F3FFC702-2A04-4223-93E8-4CCF6634E93F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FC9165A1-9AFD-4386-ACD2-80B6F4924291} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\sylvania\Desktop\HPC07DC0 (HP ENVY 7640 series) - Shortcut.lnk -> hxxp://192.168.223.

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-18 16:51 - 2017-10-18 16:51 - 000598528 _____ () C:\Users\sylvania\AppData\Local\MEGAsync\ShellExtX64.dll
2017-07-11 07:03 - 2017-07-11 07:03 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-12-30 16:01 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-30 16:00 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-18 16:26 - 2018-01-18 17:57 - 000015360 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
2018-01-18 16:26 - 2018-01-18 17:56 - 007322624 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\WhatsNew.Store.dll
2018-01-18 16:26 - 2018-01-18 17:56 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-01-18 16:26 - 2018-01-18 17:56 - 000023552 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\SkuInterop.dll
2016-12-21 20:17 - 2016-12-21 20:17 - 000200704 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.7.3462.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2400762992-834235184-972392584-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sylvania\Pictures\fotos cell syl\CAM01711 - Copy.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => ".ggmappltlpggm.vbs"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "ggmUEU1TWs"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "maverickssamia"
HKLM\...\StartupApproved\Run: => "mavericksmavericks"
HKLM\...\StartupApproved\Run: => "mavericks"
HKLM\...\StartupApproved\Run: => "KICTHEN"
HKLM\...\StartupApproved\Run32: => "hanfordhagan"
HKLM\...\StartupApproved\Run32: => "hanfordhanford"
HKLM\...\StartupApproved\Run32: => "hanford"
HKLM\...\StartupApproved\Run32: => "SpywareTerminatorUpdater"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "wantingwanting.lnk"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\StartupFolder: => "wanting.lnk"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "1ezVUuyAC.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "2qAwaduHQc.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "A2SOzXsXASHIih.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "BDVSGFEEIN.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "c3NJhEdNA.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "CCHRXSFIFC.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "FrostyCherry"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "dolsaw"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "countenanced"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "LxmtWX1cwxxn.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "QKASIHBDFV.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "qygYsJujJArPui.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "sfoNwY4W.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "tyBPdA2maz.exe"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "vibrators"
HKU\S-1-5-21-2400762992-834235184-972392584-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B2B90136-512B-4E56-85FD-FF2EBD02AB76}] => (Allow) C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
FirewallRules: [TCP Query User{934C87D7-ADAA-4815-9EE4-FDE5A1E6348A}C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{52F64507-B5D9-465F-B4C2-E1FB5E09DE96}C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sylvania\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{181F6794-D2A1-4217-9519-D624A15F8E2A}C:\program files\samsung\samsung link\samsung link tray agent.exe] => (Allow) C:\program files\samsung\samsung link\samsung link tray agent.exe
FirewallRules: [UDP Query User{19372658-74E9-4ED9-B43C-82399E792318}C:\program files\samsung\samsung link\samsung link tray agent.exe] => (Allow) C:\program files\samsung\samsung link\samsung link tray agent.exe
FirewallRules: [TCP Query User{AE7AFA1E-6405-4BB7-93A4-45F1E0445A08}C:\users\sylvania\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sylvania\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A0A153EE-54A3-4249-A81C-D082B39C8AEA}C:\users\sylvania\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sylvania\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C6D029D4-AA20-4075-A4A7-7D9B1759BAB3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3D5B859C-7B85-4C14-9BAB-64A9BA4A0CA5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{AE0ED82B-1916-4B86-A7C3-6C7A2C40A38B}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{E131AF14-81A1-4A83-B0E4-A7EC45A3C5BF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{979C62DE-2F12-4F55-B659-854A42A0218A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E8501E6B-F361-4FA3-BA39-A66B0CD29EE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AEF8BE3C-A8CA-4521-9C9D-FDC4E362EE40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Teclast System Firmware 303
Description: Teclast System Firmware 303
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Teclast
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2018 08:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.16299.15, time stamp: 0xc7c54b6c
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x6dead514
Exception code: 0xc0000005
Fault offset: 0x0000000000097c77
Faulting process id: 0x1d94
Faulting application start time: 0x01d3957bb88776ed
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3344e1c9-c961-4382-9351-01296e6fb9f4
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2018 08:28:36 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/24/2018 08:28:36 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/24/2018 08:28:17 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/24/2018 08:28:17 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/24/2018 12:26:27 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/23/2018 11:40:46 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/23/2018 11:13:01 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/23/2018 10:21:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

Error: (01/23/2018 10:14:36 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty. Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

System errors:
=============
Error: (01/24/2018 08:41:47 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/24/2018 08:41:41 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:41:29 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:41:26 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration

Error: (01/24/2018 08:40:26 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:40:18 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:40:09 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/24/2018 08:39:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}

Error: (01/24/2018 08:39:17 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/24/2018 08:39:16 PM) (Source: DCOM) (EventID: 10005) (User: KICTHEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

CodeIntegrity:
===================================
Date: 2018-01-15 17:29:23.261
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-15 16:19:58.363
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-01-15 16:19:58.086 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-15 14:23:21.296 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-15 14:23:20.934 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-15 13:29:05.085 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-15 13:24:16.277 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2018-01-15 13:18:03.919 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\2f641411f06be6e478c27aeaa8a5b4d5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-15 13:18:03.546 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-15 12:28:05.553 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\NetUtils2016.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz Percentage of memory in use: 24% Total physical RAM: 8109.69 MB Available physical RAM: 6108.23 MB Total Virtual: 16301.69 MB Available Virtual: 14548.35 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:860 GB) (Free:540.71 GB) NTFS Drive k: (Backup) (Fixed) (Total:59.37 GB) (Free:13.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: C0819675) Partition: GPT. ==================== End of Addition.txt ============================