
Well, I really did it this time: 10 viruses, 56 malware!?!?!


#16 darkmj16 (Member, Topic Starter, 194 posts)

Well, that worked out surprisingly well.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by User (13-02-2019 18:26:46) Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh
S3 fimpsv; system32\drivers\lpsvyc.sys [X]
C:\windows\system32\drivers\lpsvyc.sys
Unlock: C:\Windows\system32\Drivers\cwdpswzc.sys
C:\Windows\system32\Drivers\cwdpswzc.sys
FirewallRules: [{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}] => (Allow) C:\Program Files (x86)\Alarms\Agri.exe No File
FirewallRules: [{3C8396DA-4CAF-4C39-9A0D-906FFA3439D0}] => (Allow) C:\Program Files (x86)\Datas\Agri.exe No File
FirewallRules: [{E7DD1628-5D1B-4FFE-A98A-4C46F0A9D1EC}] => (Allow) C:\Program Files (x86)\twos\Nauseum.exe No File
FirewallRules: [{75639549-03F4-48AD-B4A3-8309F5389A0F}] => (Allow) C:\Program Files (x86)\Datas\Nauseum.exe No File
HOSTS:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
Could not restore Default URLSearchHook.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh" => not found
HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh => not found
fimpsv => service not found.
"C:\windows\system32\drivers\lpsvyc.sys" => not found
"C:\Windows\system32\Drivers\cwdpswzc.sys" => not found
"C:\Windows\system32\Drivers\cwdpswzc.sys" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C8396DA-4CAF-4C39-9A0D-906FFA3439D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7DD1628-5D1B-4FFE-A98A-4C46F0A9D1EC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75639549-03F4-48AD-B4A3-8309F5389A0F}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42933779 B
Java, Flash, Steam htmlcache => 1308 B
Windows/system/drivers => 745033 B
Edge => 0 B
Chrome => 545319610 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
User => 244933464 B
 
RecycleBin => 0 B
EmptyTemp: => 803.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:27:37 ====



#17 iMacg3 (GeekU Moderator, 1,921 posts)

Hi,

Please run a new scan with FRST from normal mode, and copy/paste both logs into your reply.

Thanks.

#18 darkmj16 (Member, Topic Starter, 194 posts)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by User (administrator) on USER-PC (13-02-2019 19:50:19)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\non-os\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVAST Software) C:\non-os\Avast\aswidsagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(AVAST Software) C:\non-os\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir6140_29620\old_chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\programs\OS Tools\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\User\AppData\Local\Temp\PROCEXP64.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-13] (Google LLC -> Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8A85C905-A85F-4151-BAFC-F388992A3B15}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2019-01-01] ()
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2019-01-01] ()
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-02-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-12]
CHR Extension: (iCloud Bookmarks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-12-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-13]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh <==== ATTENTION (Rootkit!)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2018-02-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 qtwzdg; system32\drivers\wzdgjm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-13 19:18 - 2019-02-13 19:44 - 000021351 _____ C:\Users\User\Desktop\Addition.txt
2019-02-13 19:17 - 2019-02-13 19:50 - 000018730 _____ C:\Users\User\Desktop\FRST.txt
2019-02-13 18:43 - 2019-02-13 18:48 - 148752487 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.1_03.exe
2019-02-13 18:29 - 2019-02-13 18:29 - 000148816 ____N C:\Windows\system32\Drivers\cwdruxbe.sys
2019-02-13 18:26 - 2019-02-13 18:27 - 000003389 _____ C:\Users\User\Desktop\Fixlog.txt
2019-02-12 23:30 - 2019-02-12 23:30 - 000003344 ____N C:\bootsqm.dat
2019-02-12 23:29 - 2019-02-12 23:29 - 000000000 __SHD C:\found.000
2019-02-12 00:42 - 2019-02-12 00:42 - 000082015 _____ C:\Users\User\Desktop\mobo rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000141660 _____ C:\Users\User\Desktop\cpu h20 cooler rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000112276 _____ C:\Users\User\Desktop\vid card rebate.pdf
2019-02-12 00:40 - 2019-02-12 00:40 - 000023096 _____ C:\Users\User\Desktop\power supply rebate.pdf
2019-02-10 16:34 - 2019-02-10 20:47 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-10 12:06 - 2019-02-08 05:22 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-02-08 23:23 - 2019-02-10 06:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
2019-02-08 22:55 - 2019-02-08 22:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 20:21 - 2019-02-08 20:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-08 20:21 - 2019-02-08 20:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-08 05:23 - 2019-02-08 05:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-02-08 01:00 - 2019-02-10 06:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-08 00:43 - 2019-02-08 00:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-08 00:43 - 2019-02-08 00:43 - 000000000 ____D C:\RegBackup
2019-01-27 16:22 - 2019-01-27 16:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\Program Files\iPod
2019-01-27 16:03 - 2019-01-27 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-16 19:58 - 2019-01-16 19:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw29e12adc2b8c9717.tmp
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-13 19:47 - 2009-07-13 21:34 - 019873792 _____ C:\Windows\system32\config\HARDWARE
2019-02-13 19:17 - 2018-12-26 21:18 - 000000000 ____D C:\FRST
2019-02-13 18:41 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-13 18:41 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-13 18:35 - 2018-12-31 16:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-13 18:34 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-13 18:32 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-13 18:27 - 2018-12-13 21:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-13 18:26 - 2018-10-12 19:53 - 002433536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-12 23:22 - 2018-11-03 21:52 - 000910342 _____ C:\Windows\ntbtlog.txt
2019-02-12 22:26 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-11 21:36 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-11 21:36 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-02-10 16:33 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-09 18:51 - 2009-07-14 00:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 03:23 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 23:24 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2019-02-08 22:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-08 22:15 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-02-08 05:00 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 19:53 - 2009-07-13 21:34 - 086769664 _____ C:\Windows\system32\config\software.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 020447232 _____ C:\Windows\system32\config\system.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 001572864 _____ C:\Windows\system32\config\default.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2019-02-02 19:52 - 2009-07-13 21:34 - 046661632 _____ C:\Windows\system32\config\components.rcbak
2019-02-02 18:26 - 2018-12-09 13:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-02 00:07 - 2018-02-13 18:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 06:40 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 06:03 - 2018-06-26 19:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer
 
==================== Files in the root of some directories =======
 
2018-12-01 16:39 - 2018-12-01 16:39 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2019-02-13 19:33 - 2019-02-13 19:34 - 001458856 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\AppData\Local\Temp\PROCEXP64.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cwdruxbe.sys -> Access Denied <======= ATTENTION
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by User (13-02-2019 19:50:55)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.4.0.1.03 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.4.0.1.03 - Aslain)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3 PRO - MP3 Rocket Inc)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0174FE8C-A0CF-46B3-B938-7630C1ECC3EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0C21FBD4-0AFD-412C-842E-8ED3417942F5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {E6F32968-0213-4D6D-898C-CC243D51FCE1} - System32\Tasks\Avast Emergency Update => C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eafae96818e1883\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
 
==================== Loaded Modules (Whitelisted) ==============
 
2019-02-08 05:22 - 2019-02-08 05:22 - 000654216 _____ () C:\non-os\Avast\streamback.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000321928 _____ () C:\non-os\Avast\serialization.dll
2019-02-13 18:21 - 2019-02-13 18:21 - 006877328 _____ () C:\non-os\Avast\defs\19021304\algo64.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000556936 _____ () C:\non-os\Avast\gui_cache.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 002024840 _____ () C:\non-os\Avast\shepherdsync.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-06-28 04:04 - 2016-06-28 04:04 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2019-01-06 06:19 - 2019-01-06 06:19 - 093695912 _____ () C:\non-os\Avast\libcef.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2019-02-13 18:27 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\non-os\CCleaner\CCleaner64.exe" /MONITOR
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe (Google Inc -> Google Inc.)
FirewallRules: [{5CC1D8DE-53FE-4676-9806-98AA78CBA5B3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{1082144C-4AB0-4097-AE33-497ACC3AED5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F340EBE-F9EC-4CA5-B371-E454FB6B967B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C88F9AE-E3A6-4EB7-B6EE-EBC115CED021}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{607B9A66-5F97-4728-B6ED-C161DA13D4C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{C627DD23-1741-49C5-9D0B-90860D6BF701}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [UDP Query User{0586A64D-566E-4700-B9D3-464B39902344}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{D4704BBE-0CFE-4BB8-A9B6-4390C2A3BB81}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{E86DC197-210B-4146-AA71-9DAFEE56F332}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{6EB8FEA4-E0CE-4CBC-8C51-DE2A359AB171}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{EB38BA06-F044-45F0-8E05-8CF207CAC57E}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{2A48BF9C-EBD8-4416-8027-3DF2FA1EBE47}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{47AA7DF3-D911-4A4E-88CD-B801E7250B30}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{93D8C5FC-A6D1-4325-AE0D-E94D1ADA586E}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{65EF0972-7182-4D16-8A1F-AD6D5C90ABFB}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{B3B26794-6F84-4ECA-A1D3-68D9C96E0ECF}] => (Allow) C:\non-os\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D94D36F-A5AA-4B29-B7C2-B92CB0FE7530}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{033E27C5-B27E-4B3D-9070-7E5B6FB5C3A5}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A87C6766-180F-4E11-8AC5-4B6B145FD6D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 

#19 iMacg3 (GeekU PowerPC G3; GeekU Moderator; 1,921 posts)
Hi,

Looks like some of the malware is still left over. We'll have to run a fix from the Recovery Environment, which should remove the rest of this infection.

Earlier you said you had trouble downloading files. Please confirm that you are able to download the attached fixlist.txt file, and save it to your USB flash drive.



Thanks.


#20 darkmj16 (Topic Starter; Member; 194 posts)

I successfully downloaded the file. Before, it was giving me a "no permission" or something error. I ran the fixlist. Here are the results.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by SYSTEM (13-02-2019 20:38:09) Run:3
Running from f:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\sdzvlh
S3 qtwzdg; system32\drivers\wzdgjm.sys [X]
C:\Windows\system32\drivers\wzdgjm.sys
Unlock: C:\Windows\system32\Drivers\cwdruxbe.sys
C:\Windows\system32\Drivers\cwdruxbe.sys
*****************
 
HKLM\SYSTEM\ControlSet001\Services\sdzvlh => removed successfully
qtwzdg => service not found.
"C:\Windows\system32\drivers\wzdgjm.sys" => not found
"C:\Windows\system32\Drivers\cwdruxbe.sys" => not found
"C:\Windows\system32\Drivers\cwdruxbe.sys" => not found
 
==== End of Fixlog 20:38:09 ====

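A verification pass a practitioner would run once the machine is booted back into normal Windows after the Recovery Environment fix above. This is an added example written for this thread; it is not FRST output and not part of iMacg3's instructions. Section 1 checks that the service key and driver files named in the Run:3 fixlist (sdzvlh, qtwzdg, wzdgjm.sys, cwdruxbe.sys) are really gone; section 2 lists driver services whose image file is missing, which is what FRST prints as "[X]"; section 3 lists .sys files in System32\drivers without a valid embedded Authenticode signature; section 4 dumps the permanent WMI event subscriptions that produce the "WMI:" lines in the earlier scan log. Two caveats the logs themselves illustrate: cwdruxbe.sys returned "Access Denied" to the normal-mode scan but was "not found" from the Recovery Environment, so checks run on the live system can disagree with an offline view and should be cross-checked against a fresh FRST scan; and on Windows 7 most inbox drivers are catalog-signed rather than embedded-signed, so section 3 is a triage list, not a verdict. The BVTFilter/BVTConsumer pair in the earlier log is a well-known leftover of Microsoft's own build verification tests and appears on clean Windows 7 installations; anything else in section 4's output deserves a look.

```powershell
# Post-fix verification for this thread. Added example, not FRST output and not
# part of the helper's instructions. Run in an ELEVATED PowerShell 3.0+ prompt
# after booting back into normal Windows. The names in section 1 are taken from
# the Run:3 fixlist and its Fixlog above; nothing else about the infection is
# assumed.

# --- 1. Remnants named in the WinRE fixlist should no longer exist ------------
$remnants = @(
    'HKLM:\SYSTEM\ControlSet001\Services\sdzvlh',
    'HKLM:\SYSTEM\CurrentControlSet\Services\sdzvlh',
    'HKLM:\SYSTEM\CurrentControlSet\Services\qtwzdg',
    "$env:SystemRoot\System32\drivers\wzdgjm.sys",
    "$env:SystemRoot\System32\drivers\cwdruxbe.sys"
)
foreach ($item in $remnants) {
    if (Test-Path -LiteralPath $item) { Write-Warning "STILL PRESENT: $item" }
    else                              { Write-Output  "gone: $item" }
}

# --- 2. Driver services whose image file is missing (FRST prints these as [X]) -
Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $svc = Get-ItemProperty -LiteralPath $_.PSPath
    # Type 1 = SERVICE_KERNEL_DRIVER, 2 = SERVICE_FILE_SYSTEM_DRIVER
    if (($svc.Type -eq 1 -or $svc.Type -eq 2) -and $svc.ImagePath) {
        # Normalise the forms found in ImagePath: \??\C:\..., \SystemRoot\...,
        # %SystemRoot%\..., or a path relative to the Windows directory.
        $img = [Environment]::ExpandEnvironmentVariables($svc.ImagePath)
        $img = $img -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($img -notmatch '^[A-Za-z]:\\') { $img = Join-Path $env:SystemRoot $img }
        if (-not (Test-Path -LiteralPath $img)) {
            Write-Warning ("service {0}: image missing -> {1}" -f $_.PSChildName, $img)
        }
    }
}

# --- 3. .sys files in System32\drivers without a valid embedded signature ------
# On Windows 7 most inbox drivers are catalog-signed, so Microsoft files can show
# up here as NotSigned: compare this list with the FRST Drivers section rather
# than treating every entry as malicious. Newest files are listed first.
Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers" -Filter *.sys |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Name     = $_.Name
                Modified = $_.LastWriteTime
                Status   = $sig.Status
                Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    } | Sort-Object Modified -Descending | Format-Table -AutoSize

# --- 4. Permanent WMI event subscriptions (source of FRST's "WMI:" lines) ------
$ns = 'root\subscription'
$filters = @{}
Get-WmiObject -Namespace $ns -Class __EventFilter | ForEach-Object { $filters[$_.Name] = $_.Query }
$consumers = @{}
Get-WmiObject -Namespace $ns -Class __EventConsumer | ForEach-Object {
    # CommandLineEventConsumer carries CommandLineTemplate, ActiveScriptEventConsumer ScriptText
    $action = if ($_.CommandLineTemplate) { $_.CommandLineTemplate }
              elseif ($_.ScriptText)      { $_.ScriptText }
              else                        { $_.__CLASS }
    $consumers[$_.Name] = $action
}
Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding | ForEach-Object {
    # Filter/Consumer are object paths such as __EventFilter.Name="BVTFilter"
    $f = $_.Filter   -replace '^.*Name="([^"]*)".*$', '$1'
    $c = $_.Consumer -replace '^.*Name="([^"]*)".*$', '$1'
    [pscustomobject]@{ Filter = $f; Query = $filters[$f]; Consumer = $c; Action = $consumers[$c] }
} | Format-List
```

Section 1 should print "gone:" for all five entries if the Fixlog above is telling the truth; any "STILL PRESENT" warning, or a section 2 warning naming a short random service name pointing at a missing .sys file, is the signal that the driver is recreating itself under a new name and the next fix has to target the new name.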

#21 iMacg3 (GeekU PowerPC G3; GeekU Moderator; 1,921 posts)
Hi,

Excellent! Please launch FRST again from the Recovery Environment, and click Scan.

When the scan is complete, the tool will create a log on the USB flash drive (Fixlog.txt). Please post it in your next reply.

Thanks.

#22 darkmj16 (Topic Starter; Member; 194 posts)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by SYSTEM on MININT-NSN66KP (13-02-2019 21:08:04)
Running from f:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\User\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\User\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\User\...\Policies\system: [NoDispScrSavPage] 0
HKU\User\...\Policies\system: [NoDispAppearancePage] 0
HKU\User\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\User\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\User\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\User\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\User\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\User\...\Policies\Explorer: [NoThemesTab] 1
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-10] (Intel Corporation -> )
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-13 17:34 - 2019-02-13 17:34 - 000148816 ____N C:\Windows\System32\Drivers\cwdosvyc.sys
2019-02-13 17:27 - 2019-02-13 17:27 - 000000228 _____ C:\Users\User\Desktop\fixlist.txt
2019-02-13 15:43 - 2019-02-13 15:48 - 148752487 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.1_03.exe
2019-02-12 20:30 - 2019-02-12 20:30 - 000003344 ____N C:\bootsqm.dat
2019-02-12 20:29 - 2019-02-12 20:29 - 000000000 __SHD C:\found.000
2019-02-11 21:42 - 2019-02-11 21:42 - 000082015 _____ C:\Users\User\Desktop\mobo rebate.pdf
2019-02-11 21:41 - 2019-02-11 21:41 - 000141660 _____ C:\Users\User\Desktop\cpu h20 cooler rebate.pdf
2019-02-11 21:41 - 2019-02-11 21:41 - 000112276 _____ C:\Users\User\Desktop\vid card rebate.pdf
2019-02-11 21:40 - 2019-02-11 21:40 - 000023096 _____ C:\Users\User\Desktop\power supply rebate.pdf
2019-02-10 13:34 - 2019-02-10 17:47 - 000261032 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2019-02-10 09:06 - 2019-02-08 02:22 - 000362888 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2019-02-08 19:55 - 2019-02-08 19:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 17:21 - 2019-02-08 17:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2019-02-08 17:21 - 2019-02-08 17:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2019-02-08 17:21 - 2019-02-08 17:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2019-02-08 17:21 - 2019-02-08 17:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-07 22:00 - 2019-02-10 03:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-07 21:43 - 2019-02-07 21:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-07 21:43 - 2019-02-07 21:43 - 000000000 ____D C:\RegBackup
2019-01-27 13:22 - 2019-01-27 13:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 13:22 - 2019-01-27 13:22 - 000000000 ____D C:\Program Files\iPod
2019-01-16 16:58 - 2019-01-16 16:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-01-14 07:20 - 2019-02-08 02:21 - 000225680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdriver.sys
2019-01-14 07:20 - 2019-02-08 02:21 - 000225680 _____ (AVAST Software) C:\Windows\System32\Drivers\asw29e12adc2b8c9717.tmp
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-13 21:08 - 2018-12-26 18:18 - 000000000 ____D C:\FRST
2019-02-13 17:52 - 2009-07-13 20:45 - 000026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-13 17:52 - 2009-07-13 20:45 - 000026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-13 17:45 - 2009-07-13 21:13 - 000783606 _____ C:\Windows\System32\PerfStringBackup.INI
2019-02-13 17:45 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2019-02-13 17:40 - 2018-12-31 13:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-13 17:39 - 2018-02-12 20:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-13 17:39 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-13 17:34 - 2009-07-13 18:34 - 019873792 _____ C:\Windows\System32\config\HARDWARE
2019-02-13 15:27 - 2018-12-13 18:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-13 15:26 - 2018-10-12 16:53 - 002433536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-12 20:22 - 2018-11-03 18:52 - 000910342 _____ C:\Windows\ntbtlog.txt
2019-02-12 19:26 - 2018-08-24 17:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-10 13:33 - 2018-02-13 17:36 - 000152688 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2019-02-09 15:51 - 2009-07-13 21:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 00:23 - 2018-07-04 08:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 20:24 - 2018-02-13 14:27 - 000000000 ____D C:\non-os
2019-02-08 19:57 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2019-02-08 19:15 - 2018-02-13 14:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 02:22 - 2019-01-06 03:20 - 000037104 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArDisk.sys
2019-02-08 02:22 - 2019-01-06 03:20 - 000037104 _____ (AVAST Software) C:\Windows\System32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 001034432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 001034432 _____ (AVAST Software) C:\Windows\System32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000474456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000474456 _____ (AVAST Software) C:\Windows\System32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000379952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000379952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000216784 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000216784 _____ (AVAST Software) C:\Windows\System32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000205400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000205400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000167304 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000167304 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000112312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000112312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000087944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000087944 _____ (AVAST Software) C:\Windows\System32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000042288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000042288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000320696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswblog.sys
2019-02-08 02:21 - 2019-01-06 03:20 - 000320696 _____ (AVAST Software) C:\Windows\System32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000196072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000196072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsh.sys
2019-02-08 02:21 - 2019-01-06 03:20 - 000057960 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000057960 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniv.sys
2019-02-08 02:00 - 2018-02-13 15:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 16:53 - 2009-07-13 18:34 - 086769664 _____ C:\Windows\System32\config\software.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 020447232 _____ C:\Windows\System32\config\system.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 001572864 _____ C:\Windows\System32\config\default.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 000028672 _____ C:\Windows\System32\config\sam.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 000024576 _____ C:\Windows\System32\config\security.rcbak
2019-02-02 16:52 - 2009-07-13 18:34 - 046661632 _____ C:\Windows\System32\config\components.rcbak
2019-02-02 15:26 - 2018-12-09 10:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-01 21:07 - 2018-02-13 15:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 03:40 - 2018-02-13 15:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 03:03 - 2018-06-26 16:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer
 
==================== KnownDLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-03-22 17:35] - [2017-12-31 17:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-11-13 16:48] - [2018-11-10 17:25] - 000516608 _____ (Microsoft Corporation) C4AF5F835F7F88235FBBB5E5A8380988
 
C:\Windows\System32\dnsapi.dll
[2018-07-10 16:02] - [2018-06-08 08:19] - 000357888 _____ (Microsoft Corporation) 9B86DF86D1EFF32893BC3FB49BFAA993
 
C:\Windows\SysWOW64\dnsapi.dll
[2018-07-10 16:02] - [2018-06-08 07:54] - 000269824 _____ (Microsoft Corporation) 4A35D7B172AFF9C6B362D7297568836A
 
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\InputHost.dll IS MISSING <==== ATTENTION
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point date: 2019-02-13 15:27
Restore point date: 2019-02-13 17:49
Restore point date: 2019-02-13 17:53
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8080.36 MB
Available physical RAM: 7183.77 MB
Total Virtual: 8078.56 MB
Available Virtual: 7152.64 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:811.56 GB) NTFS
Drive f: (Windows 7) (Removable) (Total:7.26 GB) (Free:7.19 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=07 NTFS)
 
LastRegBack: 2019-02-01 22:38
 
==================== End of FRST.txt ============================

  • 0

#23
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Open Notepad, and copy the contents of the code box into the Notepad window.

C:\Windows\System32\Drivers\cwdosvyc.sys
Click on File > Save and save the file as fixlist.txt to your USB flash drive.

Boot to the Recovery Environment again, and launch FRST. Click on Fix.

When the fix is complete, the tool will create a log called fixlog.txt on the USB drive. Please post its contents into your next reply.

Thanks.
  • 0

#24
darkmj16

    Member

  • Topic Starter
  • Member
  • 194 posts

Results of fixlist, followed by new scan in recovery, followed by new FRST and Addition scans in normal, and they actually completed!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by SYSTEM (14-02-2019 00:27:09) Run:4
Running from f:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
C:\Windows\System32\Drivers\cwdosvyc.sys
*****************
 
C:\Windows\System32\Drivers\cwdosvyc.sys => moved successfully
 
==== End of Fixlog 00:27:09 ====
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by SYSTEM on MININT-QSP2GO7 (14-02-2019 00:27:22)
Running from f:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\User\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\User\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\User\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\User\...\Policies\system: [NoDispScrSavPage] 0
HKU\User\...\Policies\system: [NoDispAppearancePage] 0
HKU\User\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\User\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\User\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\User\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\User\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\User\...\Policies\Explorer: [NoThemesTab] 1
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-10] (Intel Corporation -> )
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-13 15:43 - 2019-02-13 15:48 - 148752487 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.1_03.exe
2019-02-12 20:29 - 2019-02-12 20:29 - 000000000 __SHD C:\found.000
2019-02-11 21:42 - 2019-02-11 21:42 - 000082015 _____ C:\Users\User\Desktop\mobo rebate.pdf
2019-02-11 21:41 - 2019-02-11 21:41 - 000141660 _____ C:\Users\User\Desktop\cpu h20 cooler rebate.pdf
2019-02-11 21:41 - 2019-02-11 21:41 - 000112276 _____ C:\Users\User\Desktop\vid card rebate.pdf
2019-02-11 21:40 - 2019-02-11 21:40 - 000023096 _____ C:\Users\User\Desktop\power supply rebate.pdf
2019-02-10 13:34 - 2019-02-10 17:47 - 000261032 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2019-02-10 09:06 - 2019-02-08 02:22 - 000362888 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2019-02-08 19:55 - 2019-02-08 19:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 17:21 - 2019-02-08 17:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2019-02-08 17:21 - 2019-02-08 17:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2019-02-08 17:21 - 2019-02-08 17:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2019-02-08 17:21 - 2019-02-08 17:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2019-02-08 17:21 - 2019-02-08 17:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-07 22:00 - 2019-02-10 03:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-07 21:43 - 2019-02-07 21:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-07 21:43 - 2019-02-07 21:43 - 000000000 ____D C:\RegBackup
2019-01-27 13:22 - 2019-01-27 13:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 13:22 - 2019-01-27 13:22 - 000000000 ____D C:\Program Files\iPod
2019-01-16 16:58 - 2019-01-16 16:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-14 00:27 - 2018-12-26 18:18 - 000000000 ____D C:\FRST
2019-02-13 18:33 - 2009-07-13 20:45 - 000026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-13 18:33 - 2009-07-13 20:45 - 000026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-13 18:13 - 2018-12-31 13:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-13 18:12 - 2018-02-12 20:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-13 18:12 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-13 17:45 - 2009-07-13 21:13 - 000783606 _____ C:\Windows\System32\PerfStringBackup.INI
2019-02-13 17:45 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2019-02-13 17:34 - 2009-07-13 18:34 - 019873792 _____ C:\Windows\System32\config\HARDWARE
2019-02-13 15:27 - 2018-12-13 18:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-13 15:26 - 2018-10-12 16:53 - 002433536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-12 20:22 - 2018-11-03 18:52 - 000910342 _____ C:\Windows\ntbtlog.txt
2019-02-12 19:26 - 2018-08-24 17:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-10 13:33 - 2018-02-13 17:36 - 000152688 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2019-02-09 15:51 - 2009-07-13 21:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 00:23 - 2018-07-04 08:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 20:24 - 2018-02-13 14:27 - 000000000 ____D C:\non-os
2019-02-08 19:57 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2019-02-08 19:15 - 2018-02-13 14:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 02:22 - 2019-01-06 03:20 - 000037104 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArDisk.sys
2019-02-08 02:22 - 2019-01-06 03:20 - 000037104 _____ (AVAST Software) C:\Windows\System32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 001034432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 001034432 _____ (AVAST Software) C:\Windows\System32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000474456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000474456 _____ (AVAST Software) C:\Windows\System32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000379952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000379952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000216784 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000216784 _____ (AVAST Software) C:\Windows\System32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000205400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000205400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000167304 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000167304 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000112312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000112312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000087944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000087944 _____ (AVAST Software) C:\Windows\System32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 02:22 - 2018-12-13 18:41 - 000042288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2019-02-08 02:22 - 2018-12-13 18:41 - 000042288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 02:21 - 2019-01-14 07:20 - 000225680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdriver.sys
2019-02-08 02:21 - 2019-01-14 07:20 - 000225680 _____ (AVAST Software) C:\Windows\System32\Drivers\asw29e12adc2b8c9717.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000320696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswblog.sys
2019-02-08 02:21 - 2019-01-06 03:20 - 000320696 _____ (AVAST Software) C:\Windows\System32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000196072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000196072 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsh.sys
2019-02-08 02:21 - 2019-01-06 03:20 - 000057960 _____ (AVAST Software) C:\Windows\System32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 02:21 - 2019-01-06 03:20 - 000057960 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniv.sys
2019-02-08 02:00 - 2018-02-13 15:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 16:53 - 2009-07-13 18:34 - 086769664 _____ C:\Windows\System32\config\software.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 020447232 _____ C:\Windows\System32\config\system.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 001572864 _____ C:\Windows\System32\config\default.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 000028672 _____ C:\Windows\System32\config\sam.rcbak
2019-02-02 16:53 - 2009-07-13 18:34 - 000024576 _____ C:\Windows\System32\config\security.rcbak
2019-02-02 16:52 - 2009-07-13 18:34 - 046661632 _____ C:\Windows\System32\config\components.rcbak
2019-02-02 15:26 - 2018-12-09 10:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-01 21:07 - 2018-02-13 15:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 03:40 - 2018-02-13 15:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 03:03 - 2018-06-26 16:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer
 
==================== KnownDLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-03-22 17:35] - [2017-12-31 17:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-11-13 16:48] - [2018-11-10 17:25] - 000516608 _____ (Microsoft Corporation) C4AF5F835F7F88235FBBB5E5A8380988
 
C:\Windows\System32\dnsapi.dll
[2018-07-10 16:02] - [2018-06-08 08:19] - 000357888 _____ (Microsoft Corporation) 9B86DF86D1EFF32893BC3FB49BFAA993
 
C:\Windows\SysWOW64\dnsapi.dll
[2018-07-10 16:02] - [2018-06-08 07:54] - 000269824 _____ (Microsoft Corporation) 4A35D7B172AFF9C6B362D7297568836A
 
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\InputHost.dll IS MISSING <==== ATTENTION
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point date: 2019-02-13 15:27
Restore point date: 2019-02-13 17:49
Restore point date: 2019-02-13 19:15
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8080.36 MB
Available physical RAM: 7181.09 MB
Total Virtual: 8078.56 MB
Available Virtual: 7146.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:810.43 GB) NTFS
Drive f: (Windows 7) (Removable) (Total:7.26 GB) (Free:7.19 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=07 NTFS)
 
LastRegBack: 2019-02-13 19:12
 
==================== End of FRST.txt ============================
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by User (administrator) on USER-PC (14-02-2019 00:31:42)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\non-os\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\non-os\Avast\aswidsagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(AVAST Software) C:\non-os\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-13] (Google LLC -> Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8A85C905-A85F-4151-BAFC-F388992A3B15}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2019-01-01] ()
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2019-01-01] ()
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-02-14]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-12]
CHR Extension: (iCloud Bookmarks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-12-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-13]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2018-02-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-14 00:31 - 2019-02-14 00:33 - 000018134 _____ C:\Users\User\Desktop\FRST.txt
2019-02-13 18:43 - 2019-02-13 18:48 - 148752487 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.1_03.exe
2019-02-12 23:29 - 2019-02-12 23:29 - 000000000 __SHD C:\found.000
2019-02-12 00:42 - 2019-02-12 00:42 - 000082015 _____ C:\Users\User\Desktop\mobo rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000141660 _____ C:\Users\User\Desktop\cpu h20 cooler rebate.pdf
2019-02-12 00:41 - 2019-02-12 00:41 - 000112276 _____ C:\Users\User\Desktop\vid card rebate.pdf
2019-02-12 00:40 - 2019-02-12 00:40 - 000023096 _____ C:\Users\User\Desktop\power supply rebate.pdf
2019-02-10 16:34 - 2019-02-10 20:47 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-10 12:06 - 2019-02-08 05:22 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-02-08 23:23 - 2019-02-10 06:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
2019-02-08 22:55 - 2019-02-08 22:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 20:21 - 2019-02-08 20:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-08 20:21 - 2019-02-08 20:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-08 05:23 - 2019-02-08 05:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-02-08 01:00 - 2019-02-10 06:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-08 00:43 - 2019-02-08 00:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-08 00:43 - 2019-02-08 00:43 - 000000000 ____D C:\RegBackup
2019-01-27 16:22 - 2019-01-27 16:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\Program Files\iPod
2019-01-27 16:03 - 2019-01-27 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-16 19:58 - 2019-01-16 19:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-14 00:31 - 2018-12-31 16:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-14 00:31 - 2018-12-26 21:18 - 000000000 ____D C:\FRST
2019-02-14 00:29 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-14 00:29 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-13 21:33 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-13 21:33 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-13 20:45 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-13 20:45 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-02-13 20:34 - 2009-07-13 21:34 - 019873792 _____ C:\Windows\system32\config\HARDWARE
2019-02-13 18:27 - 2018-12-13 21:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-13 18:26 - 2018-10-12 19:53 - 002433536 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-12 23:22 - 2018-11-03 21:52 - 000910342 _____ C:\Windows\ntbtlog.txt
2019-02-12 22:26 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-10 16:33 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-09 18:51 - 2009-07-14 00:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 03:23 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 23:24 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2019-02-08 22:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-08 22:15 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 05:21 - 2019-01-14 10:20 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-02-08 05:21 - 2019-01-14 10:20 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw29e12adc2b8c9717.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-02-08 05:00 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 19:53 - 2009-07-13 21:34 - 086769664 _____ C:\Windows\system32\config\software.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 020447232 _____ C:\Windows\system32\config\system.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 001572864 _____ C:\Windows\system32\config\default.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2019-02-02 19:52 - 2009-07-13 21:34 - 046661632 _____ C:\Windows\system32\config\components.rcbak
2019-02-02 18:26 - 2018-12-09 13:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-02 00:07 - 2018-02-13 18:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 06:40 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 06:03 - 2018-06-26 19:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer
 
==================== Files in the root of some directories =======
 
2018-12-01 16:39 - 2018-12-01 16:39 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-13 22:12
 
==================== End of FRST.txt ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by User (14-02-2019 00:34:00)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.4.0.1.03 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.4.0.1.03 - Aslain)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.3 PRO - MP3 Rocket Inc)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\non-os\Avast\ashShell.dll [2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0174FE8C-A0CF-46B3-B938-7630C1ECC3EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0C21FBD4-0AFD-412C-842E-8ED3417942F5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {E6F32968-0213-4D6D-898C-CC243D51FCE1} - System32\Tasks\Avast Emergency Update => C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eafae96818e1883\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
 
==================== Loaded Modules (Whitelisted) ==============
 
2019-02-08 05:22 - 2019-02-08 05:22 - 000654216 _____ () C:\non-os\Avast\streamback.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000321928 _____ () C:\non-os\Avast\serialization.dll
2019-02-13 18:21 - 2019-02-13 18:21 - 006877328 _____ () C:\non-os\Avast\defs\19021304\algo64.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 000556936 _____ () C:\non-os\Avast\gui_cache.dll
2019-02-08 05:22 - 2019-02-08 05:22 - 002024840 _____ () C:\non-os\Avast\shepherdsync.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-06-28 04:04 - 2016-06-28 04:04 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2019-02-13 18:27 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: DDVCollectorSvcApi => 2
MSCONFIG\Services: DDVDataCollector => 2
MSCONFIG\Services: DDVRulesProcessor => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\non-os\CCleaner\CCleaner64.exe" /MONITOR
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe (Google Inc -> Google Inc.)
FirewallRules: [{5CC1D8DE-53FE-4676-9806-98AA78CBA5B3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{1082144C-4AB0-4097-AE33-497ACC3AED5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F340EBE-F9EC-4CA5-B371-E454FB6B967B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C88F9AE-E3A6-4EB7-B6EE-EBC115CED021}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{607B9A66-5F97-4728-B6ED-C161DA13D4C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{C627DD23-1741-49C5-9D0B-90860D6BF701}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [UDP Query User{0586A64D-566E-4700-B9D3-464B39902344}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{D4704BBE-0CFE-4BB8-A9B6-4390C2A3BB81}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{E86DC197-210B-4146-AA71-9DAFEE56F332}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe ()
FirewallRules: [{6EB8FEA4-E0CE-4CBC-8C51-DE2A359AB171}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{EB38BA06-F044-45F0-8E05-8CF207CAC57E}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{2A48BF9C-EBD8-4416-8027-3DF2FA1EBE47}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{47AA7DF3-D911-4A4E-88CD-B801E7250B30}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{93D8C5FC-A6D1-4325-AE0D-E94D1ADA586E}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{65EF0972-7182-4D16-8A1F-AD6D5C90ABFB}] => (Allow) C:\non-os\avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{B3B26794-6F84-4ECA-A1D3-68D9C96E0ECF}] => (Allow) C:\non-os\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D94D36F-A5AA-4B29-B7C2-B92CB0FE7530}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{033E27C5-B27E-4B3D-9070-7E5B6FB5C3A5}] => (Allow) C:\non-os\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A87C6766-180F-4E11-8AC5-4B6B145FD6D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
10-02-2019 06:07:04 Removed RT 7 Lite x64
13-02-2019 18:26:49 Restore Point Created by FRST
13-02-2019 20:48:46 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2019 12:29:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/13/2019 09:13:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/13/2019 08:41:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/13/2019 06:32:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/13/2019 06:26:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c484f51a-6dcd-4494-9c10-fc330a733563}
 
Error: (02/13/2019 06:19:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/12/2019 11:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/12/2019 11:23:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (02/14/2019 12:31:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
 
Error: (02/14/2019 12:30:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (02/14/2019 12:30:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/13/2019 09:13:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (02/13/2019 09:13:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/13/2019 09:13:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
 
Error: (02/13/2019 08:41:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (02/13/2019 08:40:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-12-02 02:59:06.459
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-02 02:59:06.225
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-02 02:59:00.999
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-02 02:59:00.656
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-02 02:58:58.269
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-02 02:58:58.035
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-02 02:58:55.867
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-02 02:58:55.571
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 32%
Total physical RAM: 8080.36 MB
Available physical RAM: 5419.04 MB
Total Virtual: 20198.5 MB
Available Virtual: 17531.88 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:810.43 GB) NTFS
Drive e: (Windows 7) (Removable) (Total:7.26 GB) (Free:7.19 GB) NTFS
 
\\?\Volume{9ff80743-108f-11e8-9196-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#25
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Hi,

Fantastic! Looks like we got rid of the infection.

We'll run a few scanners to check for any remnants, just in case.

Download AdwCleaner and save it to your Desktop.

  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.

Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

------------------------------

Malwarebytes Anti-Malware is already installed on your computer.

  • Launch Malwarebytes.
  • Click on Scan Now and wait for the scan to complete.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop, with a name like MBAMLog.txt.
  • Open the Malwarebytes log on your desktop, and copy and paste its contents into your next reply.

------------------------------

Download Security Analysis by Rocket Grannie and save it to your desktop.

  • Right-click on RGSA.exe and select Run as Administrator.
  • If you receive a SmartScreen notice, click on More Info, then Run Anyway.
  • A disclaimer window will appear - click OK.
  • Once the scan is complete, Notepad will open with the scan results. Copy and paste the scan results into your next reply.

Note: the scan log is saved as SALog.txt in the same directory the tool is run from.

------------------------------

In your next reply, please include:


  • AdwCleaner log
  • Malwarebytes log
  • Security Analysis log

Thanks.

 

 


  • 0
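The three scans above all end with "copy the log into your next reply", and the AdwCleaner one in particular has a fixed layout (a `#` header block, then `***** [ Section ] *****` headings with `Deleted` lines under them). As an added example, not from the thread and not part of AdwCleaner or Malwarebytes, here is a PowerShell function that parses a clean log into objects and checks that the `Cleaned:` count in the header agrees with the number of `Deleted` lines. The sample log embedded below is constructed to match the format shown later in this thread; the `C:\AdwCleaner\Logs` path comes from the note above.

```powershell
# Added example (not from the thread or from Malwarebytes): parse an AdwCleaner
# clean log and check the "Cleaned: N" header against the Deleted lines.
# $SampleLog is a constructed input in the format AdwCleaner 7.x writes.

$SampleLog = @'
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Mode: Clean
# Cleaned:  3
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\BSD\DriverHiveEngine
Deleted       C:\ProgramData\BSD\DriverHive

***** [ Registry ] *****

Deleted       HKCU\Software\BSD

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.
'@

function ConvertFrom-AdwCleanerLog {
    param([Parameter(Mandatory)][string[]]$Lines)

    $section = $null
    $items   = @()
    $header  = @{}

    foreach ($line in $Lines) {
        if ($line -match '^\s*#\s*(Cleaned|Failed|Mode|Database|Build):\s*(.+?)\s*$') {
            # Header key/value pairs such as "# Cleaned:  3"
            $header[$Matches[1]] = $Matches[2]
        }
        elseif ($line -match '^\*{5} \[ (.+?) \] \*{5}$') {
            # Section heading such as "***** [ Folders ] *****"
            $section = $Matches[1]
        }
        elseif ($line -match '^(Deleted|Not Deleted|Quarantined)\s+(.+?)\s*$') {
            # Action lines; the item is everything after the action word
            $items += [pscustomobject]@{
                Section = $section
                Action  = $Matches[1]
                Item    = $Matches[2]
            }
        }
    }

    $deleted = @($items | Where-Object Action -eq 'Deleted').Count
    [pscustomobject]@{
        Mode       = $header['Mode']
        Cleaned    = [int]$header['Cleaned']
        Failed     = [int]$header['Failed']
        Items      = $items
        Consistent = ([int]$header['Cleaned'] -eq $deleted)
    }
}

$report = ConvertFrom-AdwCleanerLog -Lines ($SampleLog -split "`r?`n")
$report.Items | Format-Table Section, Action, Item -AutoSize
"Header says {0} cleaned; log lists {1} Deleted entries; consistent: {2}" -f `
    $report.Cleaned, $report.Items.Count, $report.Consistent

# To run it against the newest real clean log instead of the sample (path from the note above;
# the square brackets in the file name are matched with -match so they are not treated as wildcards):
# $log = Get-ChildItem -Path 'C:\AdwCleaner\Logs' |
#        Where-Object Name -match '^AdwCleaner\[C\d+\]\.txt$' |
#        Sort-Object LastWriteTime | Select-Object -Last 1
# ConvertFrom-AdwCleanerLog -Lines (Get-Content $log.FullName)
```

On the constructed sample this prints three `Deleted` rows (two folders, one registry key) and `consistent: True`. The same split between header counts and per-section actions is what a helper reading a posted log does by eye; the function just makes a mismatch between the two obvious.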



#26
darkmj16

darkmj16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts

Looking good. Don't forget we need to check out that chkdsk log please. Also, if you wouldn't mind, I need some help with why it's taking over 5 mins for shutdowns. Startup isn't bad, just shutdown atm. And why do I have 2 Avast installed and running? Actually... how is that possible?

 

PS. AdwCleaner found 3 results. Clicked clean, restarted, ran the scan again and they are gone. Any other scans I can do? Mostly for performance issues I guess... computer seems sluggish to be honest.

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-02-12.2 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-14-2019
# Duration: 00:00:02
# OS:       Windows 7 Ultimate
# Cleaned:  3
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\BSD\DriverHiveEngine
Deleted       C:\ProgramData\BSD\DriverHive
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\BSD
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1369 octets] - [14/02/2019 19:14:06]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/14/19
Scan Time: 7:39 PM
Log File: 34d4b53e-30ba-11e9-8024-801934ce9bf3.json
 
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.527
Update Package Version: 1.0.9274
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User-PC\User
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 233385
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 48 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 16th, december 2018
Running from:C:\Users\User\Desktop (19:50:02 - 02/14/2019)
***---------------------------------------------------------***
Microsoft Windows 7 Ultimate X64 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Adobe Acrobat Reader DC (19.008.20074)
CCleaner (5.51)
Google Chrome (72.0.3626.109)
Java (8.0.1910.12)
Malwarebytes (3.6.1.2711)
 
***----------------Analysis Complete-------------------------***

  • 0

#27
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

If Avast seems to be working properly I would not worry about it.

We'll take a look at the chkdsk log.

  • Press the Windows Key + R. Type eventvwr and press Enter.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Regarding the shutdown problem, do you get a message box saying "Programs need to close", etc? Or just generally slow shutdown speed?

Thanks.
  • 0
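Both halves of the post above can be checked from a PowerShell prompt instead of by clicking. As an added example that is not from this thread or from any of the tools in it, the first function below pulls the chkdsk result the same way the Event Viewer steps do (Application log, source Microsoft-Windows-Wininit, Event ID 1001) and extracts the lines worth looking at; the second lists what Windows Security Center has registered as antivirus, which is where a product that registered itself twice shows up as two rows. It assumes PowerShell 3 or later (for Get-CimInstance) and an elevated prompt.

```powershell
# Added example, not from this thread. Reads the chkdsk report from the Application
# log (Wininit, Event ID 1001) and lists Security Center antivirus registrations.
# Needs PowerShell 3+ and an elevated prompt.

function Get-ChkdskReport {
    param([int]$Newest = 3)

    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    } -MaxEvents $Newest -ErrorAction SilentlyContinue |
    ForEach-Object {
        $text = $_.Message
        # Pull the handful of lines a reviewer cares about out of the long report.
        $badSectors = $null
        if ($text -match '(\d+) KB in bad sectors') { $badSectors = [int]$Matches[1] }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Corrected  = ($text -match 'Windows has made corrections to the file system')
            BadSectors = $badSectors
            CrossLinks = ([regex]::Matches($text, 'is cross linked')).Count
            Orphans    = ([regex]::Matches($text, 'Recovering orphaned file')).Count
            Message    = $text
        }
    }
}

function Get-RegisteredAntivirus {
    # Security Center keeps one AntiVirusProduct row per registration, so a product
    # that registered twice is listed twice here; that is the first thing to check
    # when a report shows the same AV name two times. productState is a bit field:
    # 0x1000 set means real-time protection on, 0x10 set means definitions out of date.
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct |
    ForEach-Object {
        $state = [int]$_.productState
        [pscustomobject]@{
            Product    = $_.displayName
            Enabled    = (($state -band 0x1000) -ne 0)
            UpToDate   = (($state -band 0x10) -eq 0)
            Exe        = $_.pathToSignedProductExe
            Registered = $_.timestamp
            InstanceId = $_.instanceGuid
        }
    }
}

Get-ChkdskReport -Newest 1 |
    Select-Object Time, Corrected, BadSectors, CrossLinks, Orphans | Format-List
Get-RegisteredAntivirus | Format-Table -AutoSize
```

Run against the log posted further down in this thread, `Get-ChkdskReport` would report `Corrected: True`, `BadSectors: 0`, one cross-linked attribute and several recovered orphans, which is the short version of what the helper reads from the full text. Two Avast rows with different `InstanceId` values but the same `Exe` would mean a stale registration from a reinstall rather than two running copies.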

#28
darkmj16

darkmj16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts

O...m...g... so many events. Info, error, warning, it's like a Xmas tree lol. And no, no error pop-ups. The desktop closes and goes to the shutting down screen and takes 5 mins there. Sometimes I see it stay on "shutting down services" for a min before it'll say shutting down, but not all the time.

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          02/12/2019 11:31:36 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      User-PC
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x797bfa for possibly 0x12 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x19d72 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 105842.
  287744 file records processed.                                         
 
File verification completed.
  814 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  48 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
Index entry WebCacheV01.tmp of index $I30 in file 0x39 points to unused file 0x19d71.
Deleting index entry WebCacheV01.tmp in index $I30 of file 57.
Index entry WEBCAC~1.TMP of index $I30 in file 0x39 points to unused file 0x19d71.
Deleting index entry WEBCAC~1.TMP in index $I30 of file 57.
Index entry {8b6b6ee2-577d-4113-8b8d-ee730625d939}_OnDiskSnapshotProp of index $I30 in file 0x219 points to unused file 0x1821a.
Deleting index entry {8b6b6ee2-577d-4113-8b8d-ee730625d939}_OnDiskSnapshotProp in index $I30 of file 537.
Index entry {8B6B6~1 of index $I30 in file 0x219 points to unused file 0x1821a.
Deleting index entry {8B6B6~1 in index $I30 of file 537.
The file reference 0xa2000000008f31 of index entry {93a34a5e-35dc-4ad9-96c0-22b121ce84ba}_OnDiskSnapshotProp of index $I30
with parent 0x219 is not the same as 0xa7000000008f31.
Deleting index entry {93a34a5e-35dc-4ad9-96c0-22b121ce84ba}_OnDiskSnapshotProp in index $I30 of file 537.
The file reference 0xa2000000008f31 of index entry {93A34~1 of index $I30
with parent 0x219 is not the same as 0xa7000000008f31.
Deleting index entry {93A34~1 in index $I30 of file 537.
Index entry {d7a7d381-538f-4bf8-b86d-cb6a62c1cb14}_OnDiskSnapshotProp of index $I30 in file 0x219 points to unused file 0x1ccac.
Deleting index entry {d7a7d381-538f-4bf8-b86d-cb6a62c1cb14}_OnDiskSnapshotProp in index $I30 of file 537.
Index entry {D7A7D~1 of index $I30 in file 0x219 points to unused file 0x1ccac.
Deleting index entry {D7A7D~1 in index $I30 of file 537.
Index entry {f0405a9e-651d-44f9-b56d-6e1d4250358b}_OnDiskSnapshotProp of index $I30 in file 0x219 points to unused file 0x18d49.
Deleting index entry {f0405a9e-651d-44f9-b56d-6e1d4250358b}_OnDiskSnapshotProp in index $I30 of file 537.
Index entry {F0405~1 of index $I30 in file 0x219 points to unused file 0x18d49.
Deleting index entry {F0405~1 in index $I30 of file 537.
Index entry EtwRTUBPM.etl of index $I30 in file 0xf73 points to unused file 0x1f2a8.
Deleting index entry EtwRTUBPM.etl in index $I30 of file 3955.
Index entry ETWRTU~1.ETL of index $I30 in file 0xf73 points to unused file 0x1f2a8.
Deleting index entry ETWRTU~1.ETL in index $I30 of file 3955.
  350670 index entries processed.                                        
 
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file {AFBF9~3.DB (66176) into directory file 558.
Recovering orphaned file {AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000009f.db (66176) into directory file 558.
Recovering orphaned file LASTAL~1.DAT (90237) into directory file 3010.
Recovering orphaned file lastalive0.dat (90237) into directory file 3010.
Recovering orphaned file {6EE53~1 (283866) into directory file 537.
Recovering orphaned file {6ee53e7a-1270-49ef-a752-fee820cccced}_OnDiskSnapshotProp (283866) into directory file 537.
Recovering orphaned file {796A2~1 (284928) into directory file 537.
Recovering orphaned file {796a2d24-d534-4bba-b7fa-7ce440537d9a}_OnDiskSnapshotProp (284928) into directory file 537.
  6 unindexed files scanned.                                        
 
Recovering orphaned file {6FEA4~1 (286018) into directory file 537.
Recovering orphaned file {6fea4ddf-5af6-47ff-b142-f4b8311dcbfc}_OnDiskSnapshotProp (286018) into directory file 537.
CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
  287744 file SDs/SIDs processed.                                        
 
Cleaning up 625 unused index entries from index $SII of file 0x9.
Cleaning up 625 unused index entries from index $SDH of file 0x9.
Cleaning up 625 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 105842.
  31465 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
The USN Journal length 0xd9659b58 in file 0x37 is less the
largest USN encountered, 0xd965e7c0, plus eight in file 0x67db.
Repairing Usn Journal $J data stream.
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
 
 976247807 KB total disk space.
 124576456 KB in 142016 files.
     96384 KB in 31466 indexes.
         0 KB in bad sectors.
    384679 KB in use by the system.
     65536 KB occupied by the log file.
 851190288 KB available on disk.
 
      4096 bytes in each allocation unit.
 244061951 total allocation units on disk.
 212797572 allocation units available on disk.
 
Internal Info:
00 64 04 00 b5 a5 02 00 2f 01 05 00 00 00 00 00  .d....../.......
b1 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00  ....0...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-02-13T04:31:36.000000000Z" />
    <EventRecordID>23926</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>User-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x797bfa for possibly 0x12 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x19d72 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 105842.
  287744 file records processed.                                         
 
File verification completed.
  814 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  48 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
Index entry WebCacheV01.tmp of index $I30 in file 0x39 points to unused file 0x19d71.
Deleting index entry WebCacheV01.tmp in index $I30 of file 57.
Index entry WEBCAC~1.TMP of index $I30 in file 0x39 points to unused file 0x19d71.
Deleting index entry WEBCAC~1.TMP in index $I30 of file 57.
Index entry {8b6b6ee2-577d-4113-8b8d-ee730625d939}_OnDiskSnapshotProp of index $I30 in file 0x219 points to unused file 0x1821a.
Deleting index entry {8b6b6ee2-577d-4113-8b8d-ee730625d939}_OnDiskSnapshotProp in index $I30 of file 537.
Index entry {8B6B6~1 of index $I30 in file 0x219 points to unused file 0x1821a.
Deleting index entry {8B6B6~1 in index $I30 of file 537.
The file reference 0xa2000000008f31 of index entry {93a34a5e-35dc-4ad9-96c0-22b121ce84ba}_OnDiskSnapshotProp of index $I30
with parent 0x219 is not the same as 0xa7000000008f31.
Deleting index entry {93a34a5e-35dc-4ad9-96c0-22b121ce84ba}_OnDiskSnapshotProp in index $I30 of file 537.
The file reference 0xa2000000008f31 of index entry {93A34~1 of index $I30
with parent 0x219 is not the same as 0xa7000000008f31.
Deleting index entry {93A34~1 in index $I30 of file 537.
Index entry {d7a7d381-538f-4bf8-b86d-cb6a62c1cb14}_OnDiskSnapshotProp of index $I30 in file 0x219 points to unused file 0x1ccac.
Deleting index entry {d7a7d381-538f-4bf8-b86d-cb6a62c1cb14}_OnDiskSnapshotProp in index $I30 of file 537.
Index entry {D7A7D~1 of index $I30 in file 0x219 points to unused file 0x1ccac.
Deleting index entry {D7A7D~1 in index $I30 of file 537.
Index entry {f0405a9e-651d-44f9-b56d-6e1d4250358b}_OnDiskSnapshotProp of index $I30 in file 0x219 points to unused file 0x18d49.
Deleting index entry {f0405a9e-651d-44f9-b56d-6e1d4250358b}_OnDiskSnapshotProp in index $I30 of file 537.
Index entry {F0405~1 of index $I30 in file 0x219 points to unused file 0x18d49.
Deleting index entry {F0405~1 in index $I30 of file 537.
Index entry EtwRTUBPM.etl of index $I30 in file 0xf73 points to unused file 0x1f2a8.
Deleting index entry EtwRTUBPM.etl in index $I30 of file 3955.
Index entry ETWRTU~1.ETL of index $I30 in file 0xf73 points to unused file 0x1f2a8.
Deleting index entry ETWRTU~1.ETL in index $I30 of file 3955.
  350670 index entries processed.                                        
 
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file {AFBF9~3.DB (66176) into directory file 558.
Recovering orphaned file {AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000009f.db (66176) into directory file 558.
Recovering orphaned file LASTAL~1.DAT (90237) into directory file 3010.
Recovering orphaned file lastalive0.dat (90237) into directory file 3010.
Recovering orphaned file {6EE53~1 (283866) into directory file 537.
Recovering orphaned file {6ee53e7a-1270-49ef-a752-fee820cccced}_OnDiskSnapshotProp (283866) into directory file 537.
Recovering orphaned file {796A2~1 (284928) into directory file 537.
Recovering orphaned file {796a2d24-d534-4bba-b7fa-7ce440537d9a}_OnDiskSnapshotProp (284928) into directory file 537.
  6 unindexed files scanned.                                        
 
Recovering orphaned file {6FEA4~1 (286018) into directory file 537.
Recovering orphaned file {6fea4ddf-5af6-47ff-b142-f4b8311dcbfc}_OnDiskSnapshotProp (286018) into directory file 537.
CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
  287744 file SDs/SIDs processed.                                        
 
Cleaning up 625 unused index entries from index $SII of file 0x9.
Cleaning up 625 unused index entries from index $SDH of file 0x9.
Cleaning up 625 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 105842.
  31465 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
The USN Journal length 0xd9659b58 in file 0x37 is less the
largest USN encountered, 0xd965e7c0, plus eight in file 0x67db.
Repairing Usn Journal $J data stream.
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
 
 976247807 KB total disk space.
 124576456 KB in 142016 files.
     96384 KB in 31466 indexes.
         0 KB in bad sectors.
    384679 KB in use by the system.
     65536 KB occupied by the log file.
 851190288 KB available on disk.
 
      4096 bytes in each allocation unit.
 244061951 total allocation units on disk.
 212797572 allocation units available on disk.
 
Internal Info:
00 64 04 00 b5 a5 02 00 2f 01 05 00 00 00 00 00  .d....../.......
b1 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00  ....0...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

  • 0

#29
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

When shutting down, press Ctrl + Shift + Esc to open Task Manager... which processes are using the most CPU/memory?
  • 0
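Watching Task Manager in the few seconds before the desktop disappears is hard to do, as the next reply shows. A different check, added here as an example that is not from this thread, is to read the shutdown-performance events Windows records on its own in the Microsoft-Windows-Diagnostics-Performance/Operational log: Event ID 200 is the shutdown summary, 201 an application that delayed shutdown, 202 a device or driver, and 203 a service. The field names parsed below (`File Name`, `Friendly Name`, `Total Time`, `Shutdown Duration`) are taken from the wording of those events; run it from an elevated prompt.

```powershell
# Added example, not from this thread. Lists the services, applications and devices
# Windows itself blamed for slow shutdowns in the last $Days days.
# Log: Microsoft-Windows-Diagnostics-Performance/Operational, IDs 200-203.

function Get-ShutdownDelays {
    param([int]$Days = 14)

    $kinds = @{ 200 = 'Summary'; 201 = 'Application'; 202 = 'Device'; 203 = 'Service' }

    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Diagnostics-Performance/Operational'
        Id        = 200, 201, 202, 203
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $msg = $_.Message
        # The message body carries lines such as "File Name : wuauserv",
        # "Friendly Name : Windows Update" and "Total Time : 19672ms";
        # the 200 summary event carries "Shutdown Duration : 35328ms" instead.
        $name = $null; $file = $null; $ms = $null
        if ($msg -match 'Friendly Name\s*:\s*(.+)') { $name = $Matches[1].Trim() }
        if ($msg -match 'File Name\s*:\s*(.+)')     { $file = $Matches[1].Trim() }
        if ($msg -match '(?:Total Time|Shutdown Duration)\s*:\s*(\d+)\s*ms') {
            $ms = [int]$Matches[1]
        }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Kind    = $kinds[[int]$_.Id]
            Name    = $name
            File    = $file
            TotalMs = $ms
            Summary = ($msg -split "`r?`n")[0]
        }
    }
}

# Most recent shutdowns first. A Service or Application row with a large TotalMs
# next to a Summary row with a long Shutdown Duration names the thing to look into.
Get-ShutdownDelays | Sort-Object Time -Descending |
    Format-Table Time, Kind, Name, File, TotalMs, Summary -AutoSize
```

A five-minute shutdown that sits on "shutting down services" will normally show up as one or more 203 rows whose `TotalMs` accounts for most of the 200 row's duration, which is more useful than a process list that vanishes before it can be read.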

#30
darkmj16

darkmj16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts

Umm... this is going to be hard. When I hit shut down, within a few secs the desktop/explorer.exe is closed and it's the Windows background where it will say shutting down services or shutting down Windows. So the 2nd time I hit shutdown I had Task Mgr open; over 3/4 of the processes almost insta closed. And the ones left I saw before it went to said shutting down screen weren't really high in memory or CPU. Highest memory was I believe 19,000 K, and that's the normal amount for that process.


  • 0
