-
Usually after running a repair it can take a couple of reboots to see any improvements.
My main idea was to get system restore enabled.
Let's run a couple of tools to search for malware.
http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode
- Download AdwCleaner and move it to your Desktop
- Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the EULA (I accept), then click on Scan
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
https://i.imgur.com/V7SD4El.png - Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
- After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
~~~~~~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/RQKuhw1.pngRogueKiller
- Download the right version of RogueKiller for your Windows version (32 or 64-bit)
- Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
- Wait for the scan to complete
- On completion, the results will be displayed
- Check every single entry (threat found), and click on the Remove Selected button
- On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
- This will open the report in Notepad. Copy/paste its content in your next reply
Your next reply(ies) should therefore contain:
- Copy/pasted AdwCleaner clean log
- Copy/pasted RogueKiller clean log
create by Aura
-
Hello Juliet, Here are the logs from AdwCleaner and Rogue
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-19.4
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-20-2018
# Duration: 00:00:02
# OS: Windows 7 Professional
# Cleaned: 4
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted Ask
Deleted AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1524 octets] - [20/06/2018 17:11:48]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
RogueKiller V12.12.23.0 (x64) [Jun 18 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/20/2018 17:23:08 (Duration : 00:20:10)
€€€ Processes : 0 €€€
€€€ Registry : 30 €€€
[PUP.Gen1] (X64) HKEY_USERS\RK_Administrator_ON_D_243F\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Administrator_ON_D_243F\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Guest_ON_D_624C\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Guest_ON_D_624C\Software\AVG Secure Search -> Deleted
[PUP.Auslogics] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Auslogics -> Deleted
[PUP.Auslogics] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Auslogics -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser_ON_D_0334\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser_ON_D_0334\Software\AVG Secure Search -> Deleted
[PUP.MyPCBackup|PUP.Gen1] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE} -> Deleted
[PUP.MyPCBackup|PUP.Gen1] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE} -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Internet Explorer\Main | Start Page : https://startpage.com/do/mypage.pl?p...908c7241640d55 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Internet Explorer\Main | Start Page : https://startpage.com/do/mypage.pl?p...908c7241640d55 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Internet Explorer\Main | Search Page : https://startpage.com/do/mypage.pl?p...908c7241640d55 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Internet Explorer\Main | Search Page : https://startpage.com/do/mypage.pl?p...908c7241640d55 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.StartMenu] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
€€€ Tasks : 0 €€€
€€€ Files : 0 €€€
€€€ WMI : 0 €€€
€€€ Hosts File : 0 €€€
€€€ Antirootkit : 0 (Driver: Loaded) €€€
€€€ Web browsers : 4 €€€
[PUM.SearchEngine][Firefox:Config] kvfgv9ur.default : user_pref("browser.search.selectedEngine", "Yahoo! (Avast)"); -> Deleted
[PUM.SearchEngine][Firefox:Config] kvfgv9ur.default : user_pref("browser.search.defaultenginename", "Yahoo! (Avast)"); -> Deleted
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://m.uscellular.com/uscellular/...authenticate/] -> Deleted
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://m.uscellular.com/uscellular/...authenticate/] -> Deleted
€€€ MBR Check : €€€
+++++ PhysicalDrive0: WDC WD20 03FZEX-00Z4SA0 SATA Disk Device +++++
--- User ---
[MBR] d50ad695b9744c75455cfc08cf659869
[BSP] fd40a82f0839e6f9270ad5a6861e35bf : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907626 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD64 00AAKS-65A7B2 SATA Disk Device +++++
--- User ---
[MBR] 7c4554e9db9e180b05af0c5c3abaf317
[BSP] b6be6e9d0f0336d35e5e33756ce073f7 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610478 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- MS/MS-PRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: Generic- xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
-
Let's check for remnants
Please download the Malwarebytes Anti-Malware setup file to your Desktop.
OR from this location Here
- Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
- Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
- After the installation IS complete let it update if it asks.
- Under SETTINGS.....APPLICATIONS leave everything at default
- Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
- Then go to the Dashboard and click on SCAN NOW
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here - Then click on POST
- Exit Malwarebytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
- Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
- Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
- EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
- After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
- Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
- If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
- After the restart, open EEK again (in the C:\EEK folder);
- This time, click on Logs;
- From there, go under the Quarantine Log tab, and click on the Export button;
- Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Please post these 2 logs when finished.
Since the computer should had been rebooted a couple of times now, how is it at the moment?
-
Malware Bytes...
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 6/21/18
Scan Time: 3:03 AM
Log File: a4963660-7529-11e8-a206-fcaa14e2776d.json
Administrator: Yes
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5564
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 356430
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 26 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 6/21/18
Scan Time: 3:03 AM
Log File: a4963660-7529-11e8-a206-fcaa14e2776d.json
Administrator: Yes
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5564
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 356430
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 26 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
running eek now...
computer is booting up three times faster and some of the quirky behavior has stopped. :)
Thanks for asking.
BTW, I have malware bytes installed, paid version that runs all the time.
-
Juliet, squeaky clean? :)
Emsisoft Emergency Kit - Version 2018.4
Last update: 6/21/2018 7:43:59 PM
User account: Owner-PC446\Owner
Computer name: OWNER-PC446
OS version: Windows 7x64 Service Pack 1
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
Scan start: 6/21/2018 7:44:34 PM
Scanned 76391
Found 0
Scan end: 6/21/2018 7:47:41 PM
Scan time: 0:03:07
-
Yes. it's looking much better now.
Sorry I didn't catch you already had MBAM on board.
Let's give it a day, use the computer as you normally do.
If something should raise it's ugly head, please take note and let me know.
-
Errrr... I just tried to create a system restore point and it still says, "object not found"
-
Do you have any removable storage media devices connected to your laptop when trying to create a restore point?
~~
Click Start, type services.msc in the Search bar and press Enter.
Note: If UAC (User Account Control) window is prompted for permission to continue, please click Continue.
Double click Volume Shadow Copy Service and switch to General tab.
Change the Startup type to Automatic and click Apply.
Click Start and click OK.
~~
Try to create a Restore Point two or three more times to make sure the errors are well logged in the Event Viewer, then follow the instructions below.
~~~~~~~~~~~~`
http://i.imgur.com/3Al62Pm.pngMiniToolBox
- Download MiniToolBox and move the executable file to your Desktop;
- Execute MiniToolBox and check the following options:
- List Installed Programs;
- List Last 10 Event Viewer Errors;
- List Devices - Only Problems;
- List Users, Partitions and Memory size;
http://i.imgur.com/wNeKMCX.png
- Once this is done, click on Go and wait for the scan to complete;
- Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
-
Created three restore points :)
Results of Mini Tool Box...
MiniToolBox by Farbar Version: 17-06-2016
Ran by Owner (administrator) on 22-06-2018 at 11:35:02
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
========================= Event log errors: ===============================
Application errors:
==================
Error: (06/22/2018 10:46:18 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/22/2018 09:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/22/2018 08:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/22/2018 07:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/22/2018 06:46:18 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/22/2018 05:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/22/2018 04:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/22/2018 03:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/22/2018 02:46:18 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/22/2018 01:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
System errors:
=============
Error: (06/22/2018 12:02:17 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.
Error: (06/21/2018 08:41:10 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.
Error: (06/21/2018 08:35:47 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.
Error: (06/21/2018 08:29:28 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.
Error: (06/21/2018 07:57:23 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MAHLON-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{79461EA5-6AF5-4F5B-9C66-6A3724E731E4}.
The master browser is stopping or an election is being forced.
Error: (06/21/2018 07:50:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger
Error: (06/21/2018 12:12:19 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.
Error: (06/20/2018 06:46:04 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.
Error: (06/20/2018 05:25:45 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MAHLON-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{79461EA5-6AF5-4F5B-9C66-6A3724E731E4}.
The master browser is stopping or an election is being forced.
Error: (06/20/2018 05:19:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2018-06-05 22:18:22.740
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-05 22:18:22.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-05 22:18:22.423
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-05 22:18:22.248
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:30.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:30.176
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:30.029
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:29.881
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:26:11.882
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.23814_none_57691565f26c4f22\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:26:11.735
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.23814_none_57691565f26c4f22\bcrypt.dll because the set of per-page image hashes could not be found on the system.
=========================== Installed Programs ============================
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AI RoboForm (HKCU\...\AI RoboForm) (Version: - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4888 - AVAST Software)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 66.2.567.182 - AVAST Software)
BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12212.0 - Cisco Consumer Products LLC)
Colour Spy 1.5 (HKLM-x32\...\Colour Spy_is1) (Version: - SilverAge Software, Inc.)
Core FTP Pro (HKLM-x32\...\CoreFTP) (Version: - )
Core FTP Pro (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
Corel PaintShop Pro X4 (HKLM-x32\...\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}) (Version: 14.3.0.3 - Corel Corporation) Hidden
doPDF (HKLM\...\{F64C7477-8040-4993-9554-EC22AE7FA2C0}) (Version: 8.9.951 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{3e04b5b8-dfc4-4bb3-99a1-a57ad01e1d55}) (Version: 8.9.951 - Softland)
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
f.lux (HKCU\...\Flux) (Version: - f.lux Software LLC)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICA (HKLM-x32\...\{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IPM_PSP_COM (HKLM-x32\...\{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}) (Version: 14.0.0.332 - Corel Corporation) Hidden
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{9F60F614-829C-4DE0-8671-C977529A0CAE}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{C5275556-5365-45C5-9586-1F6D56CD4BB4}) (Version: 8.9.951 - Softland)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PSPPContent (HKLM-x32\...\{006CAAEF-CA96-4181-AC22-FE56D61432E4}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{00D74A7A-F7AD-4D00-ABD2-0973836292C7}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{0015DE8E-8D9F-403E-8E5A-4098410E6125}) (Version: 14.0.0.332 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
RogueKiller version 12.12.23.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.23.0 - Adlice Software)
Setup (HKLM-x32\...\{00D13418-7DDF-4D3D-A237-E297B103BB6B}) (Version: 14.0.0.332 - Corel Corporation) Hidden
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stellarium 0.11.2 (HKLM-x32\...\Stellarium_is1) (Version: - )
SwordSearcher 4.1 Deluxe (HKLM-x32\...\{446E6F82-8899-447D-86EB-2399F453C858}) (Version: 4.1.1001 - Brandon Staggs)
The Character Creator Add On Pak v4 (HKLM-x32\...\The Character Creator Add On Pak) (Version: v4 - Laughingbird Software)
The Logo Creator v5 (HKLM-x32\...\The Logo Creator v5) (Version: - )
The Web Graphics Creator v3 (HKLM-x32\...\The Web Graphics Creator v3) (Version: - )
TimePassages (HKLM\...\{86498CF1-A12E-4132-9DC2-6093F7427C44}) (Version: 6.0.6 - AstroGraph Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.20 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Zoom (HKCU\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
========================= Devices: ================================
========================= Memory info: ===================================
Percentage of memory in use: 41%
Total physical RAM: 8160.31 MB
Available physical RAM: 4803.47 MB
Total Virtual: 16318.8 MB
Available Virtual: 12301.86 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:1862.92 GB) (Free:1544.35 GB) NTFS
2 Drive d: () (Fixed) (Total:596.17 GB) (Free:365.09 GB) NTFS
========================= Users: ========================================
User accounts for \\OWNER-PC446
Administrator CompAdmin Guest
Owner Yodi
**** End of log ****