Results 1 to 3 of 3

Thread: Please help me

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Guest
    Join Date
    Jun 2021
    Posts
    2

    Default Please help me

    Hi guys,

    Nice to meet you all!! Im having a terrible time, ive had my computer remotely accessed, money gone from my account, a linux gadget tool in my bios boot line up amongst other things. At the minute im unable to update windows defender and the firewall has countless rules which allow remote access. The path to my firewall reads like this C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p which microsoft has told me is due to some sort off malweare, also my update is C:\Windows\system32\svchost.exe -k netsvcs -p. Now ive run virus scans and they find nothing everytime, I ran a program called resoro with a quick scan and it found 500+ problems. If im to buy this spybot would it fix my problem? Is there another way? Does anyone know whats going on, it lowers my firewall, stops me from updating, I reinstall windows but its jus still there. Ive lost my father recently and having this happen is a real kick in the teeth, im literally begging any kind soul to help me plz

    Thankyou so much

    btw if I run aswmbr it blue screens and on the blue screen says what failed is the program, this is in safe mode... im unable to run avg in safe mode

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021
    Ran by k9ste (administrator) on DESKTOP-QDCEAB9 (ASUS System Product Name) (25-06-2021 22:38:55)
    Running from C:\Users\k9ste\Downloads
    Loaded Profiles: k9ste
    Platform: Windows 10 Home Version 21H1 19043.928 (X64) Language: English (United Kingdom)
    Default browser: Edge
    Boot Mode: Safe Mode (with Networking)

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Users\k9ste\AppData\Local\Temp\is-O5DL2.tmp\_isetup\_setup64.tmp
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <18>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
    (Opera Software AS -> Opera Software) C:\Users\k9ste\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
    (Restoro Ltd -> Restoro) C:\Program Files\Restoro\RestoroMain.exe
    (Safer-Networking Ltd. -> ) C:\Users\k9ste\AppData\Local\Temp\is-BR2PL.tmp\spybotsd-2.8.68.0.tmp
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPrepPos.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Users\k9ste\Downloads\spybotsd-2.8.68.0.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Restoro] => C:\Program Files\Restoro\bin\RestoroApp.ex
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [171320 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-953357169-3960572737-3714742359-1001\...\Run: [Opera Browser Assistant] => C:\Users\k9ste\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3989200 2021-06-24] (Opera Software AS -> Opera Software)
    HKU\S-1-5-21-953357169-3960572737-3714742359-1001\...\RunOnce: [Uninstall 21.109.0530.0001\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\k9ste\AppData\Local\Microsoft\OneDrive\21.109.0530.0001\amd64"
    HKU\S-1-5-21-953357169-3960572737-3714742359-1001\...\RunOnce: [Uninstall 21.109.0530.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\k9ste\AppData\Local\Microsoft\OneDrive\21.109.0530.0001"
    BootExecute: autocheck autochk * sdnclean64.exe
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0A1D16F5-7A92-406D-AD89-903D3FDFB0CC} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies)
    Task: {2E75F990-C0CB-4D65-97A6-6F0A8BDD6DBC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {5E2278AB-7AE6-40F3-9A5B-AC358C445575} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
    Task: {9A12C31E-DBA3-42C7-9FFD-9C16E4DF2BD4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4950840 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    Task: {9E55AF25-2ABC-4E95-A880-A18B6BED50E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {E12C9FF2-EFBB-431F-B5B2-600F3F925E73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F93F66EE-2245-4E71-BAC7-F159E13DF7F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\Windows\Tasks\敒牦獥⁨灓批瑯䄠瑮⵩敂捡湯椠浭湵穩瑡潩n.job => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
    Tcpip\..\Interfaces\{51742452-323b-49d5-aaa6-bfa5b43c219b}: [DhcpNameServer] 194.168.4.100 194.168.8.100

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\k9ste\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-25]

    Opera:
    =======
    OPR Profile: C:\Users\k9ste\AppData\Roaming\Opera Software\Opera Stable [2021-06-25]
    OPR Extension: (Rich Hints Agent) - C:\Users\k9ste\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-06-25]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1097624 2021-06-25] (ASUSTeK Computer Inc. -> )
    S2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [625976 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [374072 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8297584 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [133080 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
    S2 RestoroActiveProtection; C:\Program Files\Restoro\bin\RestoroProtection.exe [9310216 2021-02-07] (Restoro Ltd -> Restoro)
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
    S2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35872 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [217056 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [366704 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250464 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99440 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S0 avgElam; C:\Windows\System32\drivers\avgElam.sys [17344 2021-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41488 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [182736 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [524568 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [108000 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83056 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851344 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S1 avgSP; C:\Windows\System32\drivers\avgSP.sys [472064 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215536 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [327696 2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S3 cthda; C:\Windows\system32\drivers\cthda.sys [1090416 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
    S3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [53616 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
    U0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
    S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2021-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [425184 2021-06-25] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-25] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-06-25 22:38 - 2021-06-25 22:39 - 000012894 _____ C:\Users\k9ste\Downloads\FRST.txt
    2021-06-25 22:38 - 2021-06-25 22:39 - 000000000 ____D C:\FRST
    2021-06-25 22:37 - 2021-06-25 22:37 - 005198336 _____ (AVAST Software) C:\Users\k9ste\Downloads\aswMBR.exe
    2021-06-25 22:36 - 2021-06-25 22:36 - 002300416 _____ (Farbar) C:\Users\k9ste\Downloads\FRST64.exe
    2021-06-25 22:11 - 2021-06-25 22:27 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2021-06-25 22:11 - 2021-06-25 22:11 - 000001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2021-06-25 22:11 - 2021-06-25 22:11 - 000001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2021-06-25 22:11 - 2021-06-25 22:11 - 000001448 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
    2021-06-25 22:11 - 2021-06-25 22:11 - 000001409 _____ C:\Users\k9ste\Desktop\Opera browser.lnk
    2021-06-25 22:11 - 2021-06-25 22:11 - 000001399 _____ C:\Users\k9ste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000592 _____ C:\Windows\Tasks\敒牦獥⁨灓批瑯䄠瑮⵩敂捡湯椠浭湵穩瑡潩n.job
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Users\k9ste\AppData\Roaming\Opera Software
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Users\k9ste\AppData\Local\Safer-Networking Ltd
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Users\k9ste\AppData\Local\Opera Software
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2021-06-25 22:11 - 2021-06-25 22:11 - 000000000 ____D C:\Program Files (x86)\Safer-Networking Ltd
    2021-06-25 22:11 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Spybot3ELAM.sys
    2021-06-25 22:11 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
    2021-06-25 22:09 - 2021-06-25 22:09 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\k9ste\Downloads\spybotsd-2.8.68.0.exe
    2021-06-25 22:01 - 2021-06-25 22:03 - 000605474 _____ C:\Windows\ntbtlog.txt
    2021-06-25 22:01 - 2021-06-25 22:02 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
    2021-06-25 21:56 - 2021-06-25 21:56 - 000000000 ____D C:\Users\k9ste\AppData\Local\AVG
    2021-06-25 21:55 - 2021-06-25 21:55 - 000851344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000524568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000472064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000366704 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000340280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2021-06-25 21:55 - 2021-06-25 21:55 - 000327696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000250464 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000217056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000215536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000182736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000108000 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000099440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000083056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000041488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000035872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000017344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys
    2021-06-25 21:55 - 2021-06-25 21:55 - 000003992 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
    2021-06-25 21:55 - 2021-06-25 21:55 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
    2021-06-25 21:55 - 2021-06-25 21:55 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
    2021-06-25 21:55 - 2021-06-25 21:55 - 000002059 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk
    2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Windows\system32\Tasks\AVG
    2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Users\k9ste\AppData\Roaming\AVG
    2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Users\k9ste\AppData\Local\CEF
    2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Program Files\Common Files\AVG
    2021-06-25 21:55 - 2021-06-25 21:55 - 000000000 ____D C:\Program Files\AVG
    2021-06-25 21:54 - 2021-06-25 22:01 - 000000000 ____D C:\ProgramData\AVG
    2021-06-25 21:54 - 2021-06-25 21:54 - 000261448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\k9ste\Downloads\avg_antivirus_free_setup.exe
    2021-06-25 21:43 - 2021-06-25 22:03 - 000000151 _____ C:\Windows\restoro.ini
    2021-06-25 21:43 - 2021-06-25 22:03 - 000000000 ____D C:\ProgramData\Restoro
    2021-06-25 21:43 - 2021-06-25 21:43 - 000932664 _____ (Restoro) C:\Users\k9ste\Downloads\Restoro.exe
    2021-06-25 21:43 - 2021-06-25 21:43 - 000001745 _____ C:\Users\Public\Desktop\Restoro.lnk
    2021-06-25 21:43 - 2021-06-25 21:43 - 000001745 _____ C:\ProgramData\Desktop\Restoro.lnk
    2021-06-25 21:43 - 2021-06-25 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Restoro
    2021-06-25 21:43 - 2021-06-25 21:43 - 000000000 ____D C:\Program Files\Restoro
    2021-06-25 21:15 - 2021-06-25 21:15 - 000000000 ____D C:\Users\k9ste\AppData\Local\Comms
    2021-06-25 20:59 - 2021-06-25 21:32 - 000000000 ___RD C:\Users\k9ste\OneDrive
    2021-06-25 20:59 - 2021-06-25 21:17 - 000000000 ____D C:\Users\k9ste\AppData\Local\PlaceholderTileLogoFolder
    2021-06-25 20:59 - 2021-06-25 20:59 - 000000000 ___HD C:\OneDriveTemp
    2021-06-25 20:59 - 2021-06-25 20:59 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2021-06-25 20:58 - 2021-06-25 21:32 - 000000000 ____D C:\Users\k9ste\AppData\Local\Packages
    2021-06-25 20:58 - 2021-06-25 21:17 - 000000000 ____D C:\ProgramData\Packages
    2021-06-25 20:58 - 2021-06-25 21:13 - 000000000 ____D C:\Users\k9ste\AppData\Local\ConnectedDevicesPlatform
    2021-06-25 20:58 - 2021-06-25 21:01 - 000000000 ____D C:\Users\k9ste\AppData\Local\D3DSCache
    2021-06-25 20:58 - 2021-06-25 20:59 - 000000000 __RHD C:\Users\Public\AccountPictures
    2021-06-25 20:58 - 2021-06-25 20:58 - 000333224 _____ () C:\Windows\system32\AsusDownLoadLicense.exe
    2021-06-25 20:58 - 2021-06-25 20:58 - 000000000 ___RD C:\Users\k9ste\3D Objects
    2021-06-25 20:58 - 2021-06-25 20:58 - 000000000 ____D C:\Users\k9ste\AppData\Roaming\Adobe
    2021-06-25 20:58 - 2021-06-25 20:58 - 000000000 ____D C:\Users\k9ste\AppData\Local\VirtualStore
    2021-06-25 20:58 - 2021-06-25 20:58 - 000000000 ____D C:\Users\k9ste\AppData\Local\Publishers
    2021-06-25 20:56 - 2021-06-25 22:07 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
    2021-06-25 20:56 - 2021-06-25 20:59 - 000000000 ____D C:\Users\k9ste
    2021-06-25 20:56 - 2021-06-25 20:56 - 000000020 ___SH C:\Users\k9ste\ntuser.ini
    2021-06-25 20:55 - 2021-06-25 22:01 - 000000000 ____D C:\ProgramData\NVIDIA
    2021-06-25 20:55 - 2021-06-25 20:55 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2021-06-25 20:53 - 2021-06-25 20:53 - 000003840 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
    2021-06-25 20:52 - 2021-06-25 20:52 - 000000000 _SHDL C:\Documents and Settings
    2021-06-25 20:50 - 2021-06-25 22:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2021-06-25 20:50 - 2021-06-25 21:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
    2021-06-25 20:50 - 2021-06-25 20:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2021-06-25 20:50 - 2021-06-25 20:51 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-06-25 20:50 - 2021-06-25 20:51 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2021-06-25 20:50 - 2021-06-25 20:50 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
    2021-06-25 20:50 - 2021-06-25 20:50 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-06-25 20:50 - 2021-06-25 20:50 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2021-06-25 20:50 - 2021-06-25 20:50 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
    2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\Windows\system32\SleepStudy
    2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
    2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\Windows\ServiceProfiles
    2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\Users\Public\Creative
    2021-06-25 20:50 - 2021-06-25 20:50 - 000000000 ____D C:\ProgramData\ASUS
    2021-06-25 20:49 - 2021-06-25 22:02 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-06-25 20:49 - 2021-06-25 22:01 - 001136496 _____ C:\Windows\system32\wpbbin.exe
    2021-06-25 20:49 - 2021-06-25 22:01 - 001097624 _____ C:\Windows\system32\AsusUpdateCheck.exe
    2021-06-25 17:19 - 2021-06-25 20:52 - 000000000 ____D C:\Windows\Panther
    2021-06-25 17:19 - 2021-06-25 20:52 - 000000000 ____D C:\Windows.old
    2021-06-25 17:18 - 2021-06-25 17:18 - 000000000 ____D C:\ProgramData\ssh
    2021-06-25 17:16 - 2021-06-25 17:16 - 004898144 _____ (Microsoft Corporation) C:\Windows\system32\rtmpltfm.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 003860832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpltfm.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2021-06-25 17:16 - 2021-06-25 17:16 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2021-06-25 17:16 - 2021-06-25 17:16 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 002254336 _____ C:\Windows\system32\dwmscene.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2021-06-25 17:16 - 2021-06-25 17:16 - 001394024 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2021-06-25 17:16 - 2021-06-25 17:16 - 001354080 _____ (Microsoft Corporation) C:\Windows\system32\rtmpal.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
    2021-06-25 17:16 - 2021-06-25 17:16 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
    2021-06-25 17:16 - 2021-06-25 17:16 - 001091936 _____ (Microsoft Corporation) C:\Windows\system32\rtmcodecs.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 001032544 _____ (Microsoft Corporation) C:\Windows\system32\ortcengine.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000980320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmpal.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000915296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmcodecs.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000732000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ortcengine.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
    2021-06-25 17:16 - 2021-06-25 17:16 - 000707016 _____ C:\Windows\system32\TextShaping.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000611952 _____ C:\Windows\SysWOW64\TextShaping.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
    2021-06-25 17:16 - 2021-06-25 17:16 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
    2021-06-25 17:16 - 2021-06-25 17:16 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
    2021-06-25 17:16 - 2021-06-25 17:16 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
    2021-06-25 17:16 - 2021-06-25 17:16 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000306688 _____ C:\Windows\system32\HeatCore.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2021-06-25 17:16 - 2021-06-25 17:16 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000266240 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
    2021-06-25 17:16 - 2021-06-25 17:16 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2021-06-25 17:16 - 2021-06-25 17:16 - 000231248 _____ C:\Windows\system32\containerdevicemanagement.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
    2021-06-25 17:16 - 2021-06-25 17:16 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
    2021-06-25 17:16 - 2021-06-25 17:16 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
    2021-06-25 17:16 - 2021-06-25 17:16 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
    2021-06-25 17:16 - 2021-06-25 17:16 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
    2021-06-25 17:16 - 2021-06-25 17:16 - 000112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb
    2021-06-25 17:16 - 2021-06-25 17:16 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb
    2021-06-25 17:16 - 2021-06-25 17:16 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000091136 _____ C:\Windows\system32\Drivers\cimfs.sys
    2021-06-25 17:16 - 2021-06-25 17:16 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2021-06-25 17:16 - 2021-06-25 17:16 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2021-06-25 17:16 - 2021-06-25 17:16 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
    2021-06-25 17:16 - 2021-06-25 17:16 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000060928 _____ C:\Windows\system32\runexehelper.exe
    2021-06-25 17:16 - 2021-06-25 17:16 - 000056672 _____ (Microsoft Corporation) C:\Windows\system32\rtmmvrortc.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmmvrortc.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000047472 _____ C:\Windows\SysWOW64\umpdc.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000045880 _____ C:\Windows\system32\HvSocket.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll
    2021-06-25 17:16 - 2021-06-25 17:16 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv
    2021-06-25 17:16 - 2021-06-25 17:16 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
    2021-06-25 17:16 - 2021-06-25 17:16 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
    2021-06-25 17:16 - 2021-06-25 17:16 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
    2021-06-25 17:15 - 2021-06-25 17:15 - 004227116 _____ C:\Windows\system32\DefaultHrtfs.bin
    2021-06-25 17:15 - 2021-06-25 17:15 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
    2021-06-25 17:15 - 2021-06-25 17:15 - 000455168 _____ C:\Windows\system32\ssdm.dll
    2021-06-25 17:15 - 2021-06-25 17:15 - 000287232 _____ C:\Windows\system32\CoreMas.dll
    2021-06-25 17:15 - 2021-06-25 17:15 - 000197632 _____ C:\Windows\system32\IHDS.dll
    2021-06-25 17:15 - 2021-06-25 17:15 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
    2021-06-25 17:15 - 2021-06-25 17:15 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
    2021-06-25 17:15 - 2021-06-25 17:15 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
    2021-06-25 17:15 - 2021-06-25 17:15 - 000064552 _____ C:\Windows\system32\umpdc.dll
    2021-06-25 17:15 - 2021-06-25 17:15 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
    2021-06-25 17:15 - 2021-06-25 17:15 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
    2021-06-25 17:12 - 2021-06-25 17:12 - 000008192 _____ C:\Windows\system32\config\userdiff
    2021-06-25 16:06 - 2021-06-25 21:35 - 000000000 ___HD C:\$SysReset
    2021-06-24 22:17 - 2020-10-07 13:36 - 001769688 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
    2021-06-24 22:17 - 2020-10-07 13:36 - 001769688 _____ C:\Windows\system32\vulkaninfo.exe
    2021-06-24 22:17 - 2020-10-07 13:36 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
    2021-06-24 22:17 - 2020-10-07 13:36 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo.exe
    2021-06-24 22:17 - 2020-10-07 13:36 - 001054936 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
    2021-06-24 22:17 - 2020-10-07 13:36 - 001054936 _____ C:\Windows\system32\vulkan-1.dll
    2021-06-24 22:17 - 2020-10-07 13:36 - 000917720 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
    2021-06-24 22:17 - 2020-10-07 13:36 - 000917720 _____ C:\Windows\SysWOW64\vulkan-1.dll
    2021-06-24 22:17 - 2020-10-07 13:36 - 000455408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2021-06-24 22:17 - 2020-10-07 13:36 - 000351128 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2021-06-24 22:17 - 2020-10-07 13:34 - 001023216 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
    2021-06-24 22:17 - 2020-10-07 13:34 - 000816368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
    2021-06-24 22:17 - 2020-10-07 13:34 - 000673520 _____ C:\Windows\system32\nvofapi64.dll
    2021-06-24 22:17 - 2020-10-07 13:34 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2021-06-24 22:17 - 2020-10-07 13:34 - 000555248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2021-06-24 22:17 - 2020-10-07 13:34 - 000543128 _____ C:\Windows\SysWOW64\nvofapi.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 007707544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 006860184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 004174064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 002508528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 002098072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 001585560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 001507224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 001161112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 000813464 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 000657304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2021-06-24 22:17 - 2020-10-07 13:33 - 000589208 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
    2021-06-24 22:17 - 2020-10-07 13:33 - 000445848 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
    2021-06-24 22:17 - 2020-10-07 13:33 - 000230720 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2021-06-24 22:17 - 2020-10-07 13:33 - 000047232 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
    2021-06-24 22:17 - 2020-10-07 13:32 - 005519600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2021-06-24 22:17 - 2020-10-07 13:32 - 000849648 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
    2021-06-24 22:17 - 2020-10-07 13:29 - 007001536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2021-06-24 22:17 - 2020-10-07 13:29 - 005972824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2021-06-24 22:17 - 2020-10-07 13:11 - 000080930 _____ C:\Windows\system32\nvinfo.pb

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-06-25 22:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
    2021-06-25 22:07 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
    2021-06-25 22:02 - 2019-12-07 10:03 - 000262144 _____ C:\Windows\system32\config\BBI
    2021-06-25 21:55 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
    2021-06-25 21:35 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
    2021-06-25 21:32 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-06-25 21:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
    2021-06-25 21:28 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-06-25 21:27 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
    2021-06-25 21:14 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
    2021-06-25 21:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
    2021-06-25 20:58 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
    2021-06-25 20:54 - 2019-12-07 15:46 - 000000000 ____D C:\Windows\system32\FxsTmp
    2021-06-25 20:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool
    2021-06-25 20:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
    2021-06-25 20:53 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
    2021-06-25 20:52 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
    2021-06-25 20:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
    2021-06-25 20:50 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
    2021-06-25 17:18 - 2019-12-07 15:48 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
    2021-06-25 17:18 - 2019-12-07 15:48 - 000020908 _____ C:\Windows\system32\OEMDefaultAssociations.xml
    2021-06-25 17:18 - 2019-12-07 15:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2021-06-25 17:18 - 2019-12-07 15:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2021-06-25 17:18 - 2019-12-07 15:44 - 000000000 ____D C:\Windows\system32\Drivers\en-GB
    2021-06-25 17:18 - 2019-12-07 15:44 - 000000000 ____D C:\Windows\en-GB
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\DiagTrack
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
    2021-06-25 17:18 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2021-06-25 17:18 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
    Ran by k9ste (25-06-2021 22:40:11)
    Running from C:\Users\k9ste\Downloads
    Windows 10 Home Version 21H1 19043.928 (X64) (2021-06-25 19:52:41)
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-953357169-3960572737-3714742359-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-953357169-3960572737-3714742359-503 - Limited - Disabled)
    Guest (S-1-5-21-953357169-3960572737-3714742359-501 - Limited - Disabled)
    k9ste (S-1-5-21-953357169-3960572737-3714742359-1001 - Administrator - Enabled) => C:\Users\k9ste
    WDAGUtilityAccount (S-1-5-21-953357169-3960572737-3714742359-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.5.3185 - AVG Technologies)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
    NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
    Opera Stable 77.0.4054.146 (HKU\S-1-5-21-953357169-3960572737-3714742359-1001\...\Opera 77.0.4054.146) (Version: 77.0.4054.146 - Opera Software)
    Restoro (HKLM\...\Restoro) (Version: 2.0.2.8 - Restoro)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
    Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.7 - Safer-Networking Ltd.)

    Packages:
    =========
    Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Corporation)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Studios) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-06-25] (Microsoft Corporation) [MS Ad]
    NVIDIA Control Panel -> C:\Program Files\WindowsApps\nvidiacorp.nvidiacontrolpanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-25] (NVIDIA Corp.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-06-25] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2021-06-25 22:10 - 2021-06-25 22:10 - 000006144 _____ () [File not signed] C:\Users\k9ste\AppData\Local\Temp\is-O5DL2.tmp\_isetup\_setup64.tmp
    2021-06-25 22:10 - 2020-02-03 13:09 - 000347667 _____ () [File not signed] C:\Users\k9ste\AppData\Local\Temp\is-O5DL2.tmp\inno-imgconvert.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-953357169-3960572737-3714742359-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\k9ste\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\ruby 1.jpg
    DNS Servers: 194.168.4.100 - 194.168.8.100
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{6DFB068E-F62B-445E-9692-2EE4FD044A1C}] => (Allow) C:\Users\k9ste\AppData\Local\Programs\Opera\77.0.4054.146\opera.exe (Opera Software AS -> Opera Software)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled (Total:232.27 GB) (Free:190.45 GB) (82%)

    ==================== Faulty Device Manager Devices ============

    Name: Microsoft Hyper-V Virtualization Infrastructure Driver
    Description: Microsoft Hyper-V Virtualization Infrastructure Driver
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: Vid
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: PCI Device
    Description: PCI Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: NVIDIA High Definition Audio
    Description: NVIDIA High Definition Audio
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: NVIDIA
    Service: NVHDA
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Sound Blaster Audio Controller
    Description: Sound Blaster Audio Controller
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Creative Technology Ltd.
    Service: HDAudBus
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (06/25/2021 09:00:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-QDCEAB9)
    Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147024662

    Error: (06/25/2021 08:54:37 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

    Error: (06/25/2021 08:50:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
    Description: The Cryptographic Services service failed to initialise the Catalogue Database. The ESENT error was: -1409.


    System errors:
    =============
    Error: (06/25/2021 10:40:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (06/25/2021 10:40:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (06/25/2021 10:39:23 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
    Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
    Windows.Internal.Security.Authentication.Web.WamProviderRegistration

    Error: (06/25/2021 10:39:09 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (06/25/2021 10:39:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (06/25/2021 10:39:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
    Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
    {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (06/25/2021 10:39:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
    Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
    {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (06/25/2021 10:39:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-QDCEAB9)
    Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
    {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


    Windows Defender:
    ================
    Date: 2021-06-25 22:02:38
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2021-06-25 22:01:06
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    CodeIntegrity:
    ===============
    Date: 2021-06-25 22:01:47
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

    Date: 2021-06-25 22:01:44
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

    Date: 2021-06-25 22:01:07
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 1901 04/13/2021
    Motherboard: ASUSTeK COMPUTER INC. ROG MAXIMUS XI HERO
    Processor: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
    Percentage of memory in use: 16%
    Total physical RAM: 32684.34 MB
    Available physical RAM: 27220.21 MB
    Total Virtual: 37804.34 MB
    Available Virtual: 29312.29 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.27 GB) (Free:190.45 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:930.21 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:232.88 GB) (Free:232.49 GB) NTFS
    Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:930.21 GB) NTFS
    Drive g: (New Volume) (Fixed) (Total:465.76 GB) (Free:465.07 GB) NTFS
    Drive h: (ESD-USB) (Removable) (Total:31.99 GB) (Free:27.71 GB) FAT32
    Drive i: (RYUO) (Removable) (Total:0 GB) (Free:0 GB) FAT

    \\?\Volume{b031b538-2c48-4f8f-aa41-81fea1a1656a}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
    \\?\Volume{fb0f1e4c-0f44-43e2-bba6-e5f5dd09c949}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BE9B9FD6)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 2 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: BE9B9FD5)
    Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BE9B9FD4)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 4 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BE9B9FD3)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 5 (MBR Code: Windows 7/8/10) (Size: 58 GB) (Disk ID: 1FFECF59)
    Partition 1: (Active) - (Size=32 GB) - (Type=0C)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 6.

    ==================== End of Addition.txt =======================

  2. #2
    Guest
    Join Date
    Jun 2021
    Posts
    2

    Default

    All those drives are empty yet they all have space taken, and this is a new windows install, literally jus virus programs put on, no drivers yet

    I just did a scan with the free version of spybot and it actually found 62 entries, which im happy about, but upon fixing its locked up and is not responding

    Interesting, upon running it again this time it only found 5 entries, so I imagine the others were removed. I really hope im getting somewhere, I went to the security area but nothing was on the screen, I then went to services and it does say it can not be started in safe mode so im not sure if thats why but seems weird seeing as I have networking enabled. I really need someone with some savvy knowledge to help me with this, please someone, and if its worth me buying spybot I will do so

    Thankyou all

    I have this drive included with my aio which I believe is infected, it has 2 folders on it which I can not see, these are system volume inf folders, which I understand are microsoft but Ive never installed windows on a 4mb drive lol so these files must be infected, after finding them I can not seem to remove them because spybot says there safe, is there a way of removing them?

    Thankyou

    -------------------------------------------------

    Ive just bought Restoro and I now plan to buy this program, ive run Restoro but it has not fixed my problems with updating the windows defender updates, and when I scan with this program it finds alot of files to do with Restoro so id like to know if these should not be removed because obviously that program has removed the bad and replaced them with its own. Also does this spybot have its own firewall because im thinking mayb I should just dump windows defender and use a seperate firewall along with this program and restoro, thankyou so much guys

    btw is there anyone on this forum??

    -------------------------------------------------------
    Admin edit: https://www.bleepingcomputer.com/for...wers-firewall/

    FAQ: https://forums.spybot.info/showthrea...tance)-Updated
    Last edited by tashi; 2021-06-26 at 18:53. Reason: Last edited by tashi; Yesterday at 11:42 PM. Reason: Merged four (now five) posts, please don't add. :)

  3. #3
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,985

    Default

    https://www.bleepingcomputer.com/for...wers-firewall/

    nasdaq has answered this topic so I think it's best we close this one.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •