Please help me



Knine46
2021-06-26, 00:58
Hi guys,

Nice to meet you all!! I'm having a terrible time. I've had my computer remotely accessed, money gone from my account, a Linux gadget tool in my BIOS boot line-up, amongst other things. At the minute I'm unable to update Windows Defender and the firewall has countless rules which allow remote access. The path to my firewall reads like this: C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p which Microsoft has told me is due to some sort of malware; also my update is C:\Windows\system32\svchost.exe -k netsvcs -p. Now I've run virus scans and they find nothing every time. I ran a program called Restoro with a quick scan and it found 500+ problems. If I'm to buy this Spybot would it fix my problem? Is there another way? Does anyone know what's going on? It lowers my firewall, stops me from updating, I reinstall Windows but it's just still there. I've lost my father recently and having this happen is a real kick in the teeth. I'm literally begging any kind soul to help me plz

Thank you so much

Btw, if I run aswMBR it blue screens, and the blue screen says what failed is the program. This is in safe mode... I'm unable to run AVG in safe mode.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021
Ran by k9ste (administrator) on DESKTOP-QDCEAB9 (ASUS System Product Name) (25-06-2021 22:38:55)
Running from C:\Users\k9ste\Downloads
Loaded Profiles: k9ste
Platform: Windows 10 Home Version 21H1 19043.928 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\k9ste\AppData\Local\Temp\is-O5DL2.tmp\_isetup\_setup64.tmp
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <18>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
(Opera Software AS -> Opera Software) C:\Users\k9ste\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Restoro Ltd -> Restoro) C:\Program Files\Restoro\RestoroMain.exe
(Safer-Networking Ltd. -> ) C:\Users\k9ste\AppData\Local\Temp\is-BR2PL.tmp\spybotsd-2.8.68.0.tmp
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPrepPos.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Users\k9ste\Downloads\spybotsd-2.8.68.0.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Restoro] => C:\Program Files\Restoro\bin\RestoroApp.ex
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [171320 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-953357169-3960572737-3714742359-1001\...\Run: [Opera Browser Assistant] => C:\Users\k9ste\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3989200 2021-06-24] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-953357169-3960572737-3714742359-1001\...\RunOnce: [Uninstall 21.109.0530.0001\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\k9ste\AppData\Local\Microsoft\OneDrive\21.109.0530.0001\amd64"
HKU\S-1-5-21-953357169-3960572737-3714742359-1001\...\RunOnce: [Uninstall 21.109.0530.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\k9ste\AppData\Local\Microsoft\OneDrive\21.109.0530.0001"
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A1D16F5-7A92-406D-AD89-903D3FDFB0CC} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {2E75F990-C0CB-4D65-97A6-6F0A8BDD6DBC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5E2278AB-7AE6-40F3-9A5B-AC358C445575} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {9A12C31E-DBA3-42C7-9FFD-9C16E4DF2BD4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4950840 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {9E55AF25-2ABC-4E95-A880-A18B6BED50E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E12C9FF2-EFBB-431F-B5B2-600F3F925E73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F93F66EE-2245-4E71-BAC7-F159E13DF7F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\敒牦獥⁨灓批瑯䄠瑮⵩敂捡湯椠浭湵穩瑡潩n.job => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{51742452-323b-49d5-aaa6-bfa5b43c219b}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\k9ste\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-25]

Opera:
=======
OPR Profile: C:\Users\k9ste\AppData\Roaming\Opera Software\Opera Stable [2021-06-25]
OPR Extension: (Rich Hints Agent) - C:\Users\k9ste\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-06-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1097624 2021-06-25] (ASUSTeK Computer Inc. -> )
S2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [625976 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [374072 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8297584 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [133080 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S2 RestoroActiveProtection; C:\Program Files\Restoro\bin\RestoroProtection.exe [9310216 2021-02-07] (Restoro Ltd -> Restoro)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35872 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [217056 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [366704 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250464 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99440 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgElam; C:\Windows\System32\drivers\avgElam.sys [17344 2021-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41488 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [182736 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [524568 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [108000 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83056 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851344 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\Windows\System32\drivers\avgSP.sys [472064 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215536 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [327696 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 cthda; C:\Windows\system32\drivers\cthda.sys [1090416 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
S3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [53616 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
U0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2021-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [425184 2021-06-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-25 22:38 - 2021-06-25 22:39 - 000012894 _____ C:\Users\k9ste\Downloads\FRST.txt
2021-06-25 22:38 - 2021-06-25 22:39 - 000000000 ____D C:\FRST
2021-06-25 22:37 - 2021-06-25 22:37 - 005198336 _____ (AVAST Software) C:\Users\k9ste\Downloads\aswMBR.exe
2021-06-25 22:36 - 2021-06-25 22:36 - 002300416 _____ (Farbar) C:\Users\k9ste\Downloads\FRST64.exe
2021-06-25 22:11 - 2021-06-25 22:27 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-06-25 22:11 - 2021-06-25 22:11 - 000001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2021-06-25 22:11 - 2021-06-25 22:11 - 000001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2021-06-25 22:11 - 2021-06-25 22:11 - 000001448 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2021-06-25 22:11 - 2021-06-25 22:11 - 000001409 _____ C:\Users\k9ste\Desktop\Opera browser.lnk
2021-06-25 22:11 - 2021-06-25 22:11 - 000001399 _____ C:\Users\k9ste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2021-06-25 22:11 - 2021-06-25 22:11 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2021-06-25 22:11 - 2021-06-25 22:11 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2021-06-25 22:11 - 2021-06-25 22:11 - 000000592 _____ C:\Windows\Tasks\敒牦獥⁨灓批瑯䄠瑮⵩敂捡湯椠浭湵穩瑡潩n.job
2021-06-25 22:11 - 2021-06-25 22:11 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Users\k9ste\AppData\Roaming\Opera Software
2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Users\k9ste\AppData\Local\Safer-Networking Ltd
2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Users\k9ste\AppData\Local\Opera Software
2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Program Files (x86)\Safer-Networking Ltd
2021-06-25 22:11 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Spybot3ELAM.sys
2021-06-25 22:11 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2021-06-25 22:09 - 2021-06-25 22:09 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\k9ste\Downloads\spybotsd-2.8.68.0.exe
2021-06-25 22:01 - 2021-06-25 22:03 - 000605474 _____ C:\Windows\ntbtlog.txt
2021-06-25 22:01 - 2021-06-25 22:02 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-06-25 21:56 - 2021-06-25 21:56 - 000000000 ____D C:\Users\k9ste\AppData\Local\AVG
2021-06-25 21:55 - 2021-06-25 21:55 - 000851344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000524568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000472064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000366704 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000340280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2021-06-25 21:55 - 2021-06-25 21:55 - 000327696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000250464 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000217056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000215536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000182736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000108000 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000099440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000083056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000041488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000035872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000017344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys
2021-06-25 21:55 - 2021-06-25 21:55 - 000003992 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-06-25 21:55 - 2021-06-25 21:55 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2021-06-25 21:55 - 2021-06-25 21:55 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2021-06-25 21:55 - 2021-06-25 21:55 - 000002059 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk
2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Users\k9ste\AppData\Roaming\AVG
2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Users\k9ste\AppData\Local\CEF
2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Program Files\Common Files\AVG
2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Program Files\AVG
2021-06-25 21:54 - 2021-06-25 22:01 - 000000000 ____D C:\ProgramData\AVG
2021-06-25 21:54 - 2021-06-25 21:54 - 000261448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\k9ste\Downloads\avg_antivirus_free_setup.exe
2021-06-25 21:43 - 2021-06-25 22:03 - 000000151 _____ C:\Windows\restoro.ini
2021-06-25 21:43 - 2021-06-25 22:03 - 000000000 ____D C:\ProgramData\Restoro
2021-06-25 21:43 - 2021-06-25 21:43 - 000932664 _____ (Restoro) C:\Users\k9ste\Downloads\Restoro.exe
2021-06-25 21:43 - 2021-06-25 21:43 - 000001745 _____ C:\Users\Public\Desktop\Restoro.lnk
2021-06-25 21:43 - 2021-06-25 21:43 - 000001745 _____ C:\ProgramData\Desktop\Restoro.lnk
2021-06-25 21:43 - 2021-06-25 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Restoro
2021-06-25 21:43 - 2021-06-25 21:43 - 000000000 ____D C:\Program Files\Restoro
2021-06-25 21:15 - 2021-06-25 21:15 - 000000000 ____D C:\Users\k9ste\AppData\Local\Comms
2021-06-25 20:59 - 2021-06-25 21:32 - 000000000 ___RD C:\Users\k9ste\OneDrive
2021-06-25 20:59 - 2021-06-25 21:17 - 000000000 ____D C:\Users\k9ste\AppData\Local\PlaceholderTileLogoFolder
2021-06-25 20:59 - 2021-06-25 20:59 - 000000000 ___HD C:\OneDriveTemp
2021-06-25 20:59 - 2021-06-25 20:59 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-06-25 20:58 - 2021-06-25 21:32 - 000000000 ____D C:\Users\k9ste\AppData\Local\Packages
2021-06-25 20:58 - 2021-06-25 21:17 - 000000000 ____D C:\ProgramData\Packages
2021-06-25 20:58 - 2021-06-25 21:13 - 000000000 ____D C:\Users\k9ste\AppData\Local\ConnectedDevicesPlatform
2021-06-25 20:58 - 2021-06-25 21:01 - 000000000 ____D C:\Users\k9ste\AppData\Local\D3DSCache
2021-06-25 20:58 - 2021-06-25 20:59 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-06-25 20:58 - 2021-06-25 20:58 - 000333224 _____ () C:\Windows\system32\AsusDownLoadLicense.exe
2021-06-25 20:58 - 2021-06-25 20:58 - 000000000 ___RD C:\Users\k9ste\3D Objects
2021-06-25 20:58 - 2021-06-25 20:58 - 000000000 ____D C:\Users\k9ste\AppData\Roaming\Adobe
2021-06-25 20:58 - 2021-06-25 20:58 - 000000000 ____D C:\Users\k9ste\AppData\Local\VirtualStore
2021-06-25 20:58 - 2021-06-25 20:58 - 000000000 ____D C:\Users\k9ste\AppData\Local\Publishers
2021-06-25 20:56 - 2021-06-25 22:07 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-06-25 20:56 - 2021-06-25 20:59 - 000000000 ____D C:\Users\k9ste
2021-06-25 20:56 - 2021-06-25 20:56 - 000000020 ___SH C:\Users\k9ste\ntuser.ini
2021-06-25 20:55 - 2021-06-25 22:01 - 000000000 ____D C:\ProgramData\NVIDIA
2021-06-25 20:55 - 2021-06-25 20:55 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-06-25 20:53 - 2021-06-25 20:53 - 000003840 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2021-06-25 20:52 - 2021-06-25 20:52 - 000000000 _SHDL C:\Documents and Settings
2021-06-25 20:50 - 2021-06-25 22:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-06-25 20:50 - 2021-06-25 21:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-06-25 20:50 - 2021-06-25 20:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-06-25 20:50 - 2021-06-25 20:51 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-25 20:50 - 2021-06-25 20:51 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-25 20:50 - 2021-06-25 20:50 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2021-06-25 20:50 - 2021-06-25 20:50 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-25 20:50 - 2021-06-25 20:50 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-25 20:50 - 2021-06-25 20:50 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\Windows\ServiceProfiles
2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\Users\Public\Creative
2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\ProgramData\ASUS
2021-06-25 20:49 - 2021-06-25 22:02 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-25 20:49 - 2021-06-25 22:01 - 001136496 _____ C:\Windows\system32\wpbbin.exe
2021-06-25 20:49 - 2021-06-25 22:01 - 001097624 _____ C:\Windows\system32\AsusUpdateCheck.exe
2021-06-25 17:19 - 2021-06-25 20:52 - 000000000 ____D C:\Windows\Panther
2021-06-25 17:19 - 2021-06-25 20:52 - 000000000 ____D C:\Windows.old
2021-06-25 17:18 - 2021-06-25 17:18 - 000000000 ____D C:\ProgramData\ssh
2021-06-25 17:16 - 2021-06-25 17:16 - 004898144 _____ (Microsoft Corporation) C:\Windows\system32\rtmpltfm.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 003860832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpltfm.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-06-25 17:16 - 2021-06-25 17:16 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-06-25 17:16 - 2021-06-25 17:16 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-06-25 17:16 - 2021-06-25 17:16 - 001394024 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-06-25 17:16 - 2021-06-25 17:16 - 001354080 _____ (Microsoft Corporation) C:\Windows\system32\rtmpal.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-06-25 17:16 - 2021-06-25 17:16 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-06-25 17:16 - 2021-06-25 17:16 - 001091936 _____ (Microsoft Corporation) C:\Windows\system32\rtmcodecs.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 001032544 _____ (Microsoft Corporation) C:\Windows\system32\ortcengine.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000980320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpal.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000915296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmcodecs.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000732000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ortcengine.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-06-25 17:16 - 2021-06-25 17:16 - 000707016 _____ C:\Windows\system32\TextShaping.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000611952 _____ C:\Windows\SysWOW64\TextShaping.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-06-25 17:16 - 2021-06-25 17:16 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-06-25 17:16 - 2021-06-25 17:16 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-06-25 17:16 - 2021-06-25 17:16 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-06-25 17:16 - 2021-06-25 17:16 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-06-25 17:16 - 2021-06-25 17:16 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000266240 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2021-06-25 17:16 - 2021-06-25 17:16 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-06-25 17:16 - 2021-06-25 17:16 - 000231248 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2021-06-25 17:16 - 2021-06-25 17:16 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-06-25 17:16 - 2021-06-25 17:16 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-06-25 17:16 - 2021-06-25 17:16 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-06-25 17:16 - 2021-06-25 17:16 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-06-25 17:16 - 2021-06-25 17:16 - 000112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb
2021-06-25 17:16 - 2021-06-25 17:16 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb
2021-06-25 17:16 - 2021-06-25 17:16 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000091136 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-06-25 17:16 - 2021-06-25 17:16 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-06-25 17:16 - 2021-06-25 17:16 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-06-25 17:16 - 2021-06-25 17:16 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-06-25 17:16 - 2021-06-25 17:16 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-06-25 17:16 - 2021-06-25 17:16 - 000056672 _____ (Microsoft Corporation) C:\Windows\system32\rtmmvrortc.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmmvrortc.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000047472 _____ C:\Windows\SysWOW64\umpdc.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000045880 _____ C:\Windows\system32\HvSocket.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll
2021-06-25 17:16 - 2021-06-25 17:16 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv
2021-06-25 17:16 - 2021-06-25 17:16 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-06-25 17:16 - 2021-06-25 17:16 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2021-06-25 17:16 - 2021-06-25 17:16 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2021-06-25 17:15 - 2021-06-25 17:15 - 004227116 _____ C:\Windows\system32\DefaultHrtfs.bin
2021-06-25 17:15 - 2021-06-25 17:15 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-06-25 17:15 - 2021-06-25 17:15 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-06-25 17:15 - 2021-06-25 17:15 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-06-25 17:15 - 2021-06-25 17:15 - 000197632 _____ C:\Windows\system32\IHDS.dll
2021-06-25 17:15 - 2021-06-25 17:15 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-06-25 17:15 - 2021-06-25 17:15 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-06-25 17:15 - 2021-06-25 17:15 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-06-25 17:15 - 2021-06-25 17:15 - 000064552 _____ C:\Windows\system32\umpdc.dll
2021-06-25 17:15 - 2021-06-25 17:15 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
2021-06-25 17:15 - 2021-06-25 17:15 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-06-25 17:12 - 2021-06-25 17:12 - 000008192 _____ C:\Windows\system32\config\userdiff
2021-06-25 16:06 - 2021-06-25 21:35 - 000000000 ___HD C:\$SysReset
2021-06-24 22:17 - 2020-10-07 13:36 - 001769688 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-06-24 22:17 - 2020-10-07 13:36 - 001769688 _____ C:\Windows\system32\vulkaninfo.exe
2021-06-24 22:17 - 2020-10-07 13:36 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-06-24 22:17 - 2020-10-07 13:36 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-06-24 22:17 - 2020-10-07 13:36 - 001054936 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-06-24 22:17 - 2020-10-07 13:36 - 001054936 _____ C:\Windows\system32\vulkan-1.dll
2021-06-24 22:17 - 2020-10-07 13:36 - 000917720 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-06-24 22:17 - 2020-10-07 13:36 - 000917720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-06-24 22:17 - 2020-10-07 13:36 - 000455408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-06-24 22:17 - 2020-10-07 13:36 - 000351128 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-06-24 22:17 - 2020-10-07 13:34 - 001023216 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-06-24 22:17 - 2020-10-07 13:34 - 000816368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2021-06-24 22:17 - 2020-10-07 13:34 - 000673520 _____ C:\Windows\system32\nvofapi64.dll
2021-06-24 22:17 - 2020-10-07 13:34 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-06-24 22:17 - 2020-10-07 13:34 - 000555248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-06-24 22:17 - 2020-10-07 13:34 - 000543128 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 007707544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 006860184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 004174064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 002508528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 002098072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 001585560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 001507224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 001161112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 000813464 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 000657304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-06-24 22:17 - 2020-10-07 13:33 - 000589208 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-06-24 22:17 - 2020-10-07 13:33 - 000445848 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-06-24 22:17 - 2020-10-07 13:33 - 000230720 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2021-06-24 22:17 - 2020-10-07 13:33 - 000047232 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2021-06-24 22:17 - 2020-10-07 13:32 - 005519600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-06-24 22:17 - 2020-10-07 13:32 - 000849648 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-06-24 22:17 - 2020-10-07 13:29 - 007001536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-06-24 22:17 - 2020-10-07 13:29 - 005972824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-06-24 22:17 - 2020-10-07 13:11 - 000080930 _____ C:\Windows\system32\nvinfo.pb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-25 22:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-06-25 22:07 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-06-25 22:02 - 2019-12-07 10:03 - 000262144 _____ C:\Windows\system32\config\BBI
2021-06-25 21:55 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-06-25 21:35 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2021-06-25 21:32 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-25 21:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-06-25 21:28 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-25 21:27 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-06-25 21:14 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-06-25 21:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-06-25 20:58 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-06-25 20:54 - 2019-12-07 15:46 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-06-25 20:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool
2021-06-25 20:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-06-25 20:53 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-06-25 20:52 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-06-25 20:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
2021-06-25 20:50 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-06-25 17:18 - 2019-12-07 15:48 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-06-25 17:18 - 2019-12-07 15:48 - 000020908 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2021-06-25 17:18 - 2019-12-07 15:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-06-25 17:18 - 2019-12-07 15:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-06-25 17:18 - 2019-12-07 15:44 - 000000000 ____D C:\Windows\system32\Drivers\en-GB
2021-06-25 17:18 - 2019-12-07 15:44 - 000000000 ____D C:\Windows\en-GB
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\DiagTrack
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-06-25 17:18 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
Ran by k9ste (25-06-2021 22:40:11)
Running from C:\Users\k9ste\Downloads
Windows 10 Home Version 21H1 19043.928 (X64) (2021-06-25 19:52:41)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-953357169-3960572737-3714742359-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-953357169-3960572737-3714742359-503 - Limited - Disabled)
Guest (S-1-5-21-953357169-3960572737-3714742359-501 - Limited - Disabled)
k9ste (S-1-5-21-953357169-3960572737-3714742359-1001 - Administrator - Enabled) => C:\Users\k9ste
WDAGUtilityAccount (S-1-5-21-953357169-3960572737-3714742359-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.5.3185 - AVG Technologies)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
Opera Stable 77.0.4054.146 (HKU\S-1-5-21-953357169-3960572737-3714742359-1001\...\Opera 77.0.4054.146) (Version: 77.0.4054.146 - Opera Software)
Restoro (HKLM\...\Restoro) (Version: 2.0.2.8 - Restoro)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.7 - Safer-Networking Ltd.)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Corporation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\nvidiacorp.nvidiacontrolpanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-25] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-06-25 22:10 - 2021-06-25 22:10 - 000006144 _____ () [File not signed] C:\Users\k9ste\AppData\Local\Temp\is-O5DL2.tmp\_isetup\_setup64.tmp
2021-06-25 22:10 - 2020-02-03 13:09 - 000347667 _____ () [File not signed] C:\Users\k9ste\AppData\Local\Temp\is-O5DL2.tmp\inno-imgconvert.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-953357169-3960572737-3714742359-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\k9ste\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\ruby 1.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6DFB068E-F62B-445E-9692-2EE4FD044A1C}] => (Allow) C:\Users\k9ste\AppData\Local\Programs\Opera\77.0.4054.146\opera.exe (Opera Software AS -> Opera Software)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:232.27 GB) (Free:190.45 GB) (82%)

==================== Faulty Device Manager Devices ============

Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Sound Blaster Audio Controller
Description: Sound Blaster Audio Controller
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Creative Technology Ltd.
Service: HDAudBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/25/2021 09:00:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-QDCEAB9)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147024662

Error: (06/25/2021 08:54:37 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (06/25/2021 08:50:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The ESENT error was: -1409.


System errors:
=============
Error: (06/25/2021 10:40:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/25/2021 10:40:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/25/2021 10:39:23 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.WamProviderRegistration

Error: (06/25/2021 10:39:09 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/25/2021 10:39:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/25/2021 10:39:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/25/2021 10:39:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/25/2021 10:39:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


Windows Defender:
================
Date: 2021-06-25 22:02:38
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-06-25 22:01:06
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2021-06-25 22:01:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-25 22:01:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-06-25 22:01:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1901 04/13/2021
Motherboard: ASUSTeK COMPUTER INC. ROG MAXIMUS XI HERO
Processor: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
Percentage of memory in use: 16%
Total physical RAM: 32684.34 MB
Available physical RAM: 27220.21 MB
Total Virtual: 37804.34 MB
Available Virtual: 29312.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.27 GB) (Free:190.45 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:930.21 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:232.88 GB) (Free:232.49 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:930.21 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:465.76 GB) (Free:465.07 GB) NTFS
Drive h: (ESD-USB) (Removable) (Total:31.99 GB) (Free:27.71 GB) FAT32
Drive i: (RYUO) (Removable) (Total:0 GB) (Free:0 GB) FAT

\\?\Volume{b031b538-2c48-4f8f-aa41-81fea1a1656a}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{fb0f1e4c-0f44-43e2-bba6-e5f5dd09c949}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BE9B9FD6)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: BE9B9FD5)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BE9B9FD4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BE9B9FD3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 58 GB) (Disk ID: 1FFECF59)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 6.

==================== End of Addition.txt =======================

Knine46
2021-06-26, 01:04
All those drives are empty, yet they all have space taken, and this is a new Windows install, literally just virus programs put on, no drivers yet.

I just did a scan with the free version of Spybot and it actually found 62 entries, which I'm happy about, but upon fixing it's locked up and is not responding.

Interesting, upon running it again this time it only found 5 entries, so I imagine the others were removed. I really hope I'm getting somewhere. I went to the security area but nothing was on the screen. I then went to services and it does say it cannot be started in safe mode, so I'm not sure if that's why, but it seems weird seeing as I have networking enabled. I really need someone with some savvy knowledge to help me with this, please someone, and if it's worth me buying Spybot I will do so.

Thank you all

I have this drive included with my AIO which I believe is infected. It has 2 folders on it which I cannot see; these are system volume inf folders, which I understand are Microsoft, but I've never installed Windows on a 4mb drive lol, so these files must be infected. After finding them I cannot seem to remove them because Spybot says they're safe. Is there a way of removing them?

Thank you

-------------------------------------------------

I've just bought Restoro and I now plan to buy this program. I've run Restoro but it has not fixed my problems with updating the Windows Defender updates, and when I scan with this program it finds a lot of files to do with Restoro, so I'd like to know if these should not be removed, because obviously that program has removed the bad and replaced them with its own. Also, does this Spybot have its own firewall? I'm thinking maybe I should just dump Windows Defender and use a separate firewall along with this program and Restoro. Thank you so much guys

btw is there anyone on this forum??

-------------------------------------------------------
Admin edit: https://www.bleepingcomputer.com/forums/t/753827/please-help-me-virus-or-something-which-lowers-firewall/

FAQ: https://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)-Updated

Juliet
2021-06-26, 17:56
https://www.bleepingcomputer.com/forums/t/753827/please-help-me-virus-or-something-which-lowers-firewall/

nasdaq has answered this topic so I think it's best we close this one.