bsod errors every now and then

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #16
    Send the logs; no need to wait for a crash.


    • maxim123
      PCHF Member
      • Aug 2017
      • 463

      #17
      Originally posted by Malnutrition
      Send the logs; no need to wait for a crash.
      Hi, my PC crashed earlier when I was typing in a document. Here are the rescan logs: https://www.sendspace.com/file/skwj0x

      I am running PCHunter scans now. I will send the logs as soon as it is finished.


      • maxim123
        PCHF Member
        • Aug 2017
        • 463

        #18
        I have no idea what’s wrong, but I can’t post the text contents in here. I mean, when I click post reply, it keeps on loading and doesn’t post. I tried to enter the PCHunter text contents directly, but it did not paste. So I have uploaded the text file to SendSpace. I can’t attach it here as it says the file is too large (it is 2.76 MB, which is probably the reason I couldn’t post here directly).

        I am running MiniToolBox now.


        • maxim123
          PCHF Member
          • Aug 2017
          • 463

          #19
          MiniToolBox scans:

          Code:
          MiniToolBox by Farbar Version: 17-06-2016
          Ran by Max (administrator) on 29-04-2019 at 06:33:53
          Running from “C:\Users\USER\Desktop”
          Microsoft Windows 10 Pro (X64)
          Model: 20369 Manufacturer: LENOVO
          Boot Mode: Normal
          ========================= Flush DNS: ===================================
          
          Windows IP Configuration
          
          Successfully flushed the DNS Resolver Cache.
          
          ========================= IE Proxy Settings: ==============================
          
          Proxy is not enabled.
          No Proxy Server is set.
          
          “Reset IE Proxy Settings”: IE Proxy Settings were reset.
          
          ========================= FF Proxy Settings: ==============================
          
          “Reset FF Proxy Settings”: Firefox Proxy settings were reset.
          
          ========================= Hosts content: =================================
          ========================= IP Configuration: ================================
          
          Realtek PCIe GBE Family Controller = Ethernet 2 (Connected)
          Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Media disconnected)
          TunnelBear Adapter V9 = Ethernet 3 (Media disconnected)
          ----------------------------------
          IPv4 Configuration
          ----------------------------------
          pushd interface ipv4
          
          reset
          set global dhcpmediasense=enabled
          set interface interface=“Ethernet” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Local Area Connection* 3” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Wi-Fi 2” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Local Area Connection* 24” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Local Area Connection* 1” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Local Area Connection* 8” forwarding=enabled advertise=enabled metric=0 nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Bluetooth Network Connection” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Ethernet 2” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Wi-Fi” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Local Area Connection* 11” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Local Area Connection* 13” forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
          set interface interface=“Ethernet 3” forwarding=enabled advertise=enabled metric=0 nud=enabled ignoredefaultroutes=disabled
          
          popd
          End of IPv4 configuration
          Windows IP Configuration
          
          Host Name . . . . . . . . . . . . : ADMIN
          Primary Dns Suffix . . . . . . . :
          Node Type . . . . . . . . . . . . : Hybrid
          IP Routing Enabled. . . . . . . . : No
          WINS Proxy Enabled. . . . . . . . : No
          
          Ethernet adapter Ethernet 3:
          
          Media State . . . . . . . . . . . : Media disconnected
          Connection-specific DNS Suffix . :
          Description . . . . . . . . . . . : TunnelBear Adapter V9
          Physical Address. . . . . . . . . : 00-FF-C2-D4-13-BD
          DHCP Enabled. . . . . . . . . . . : Yes
          Autoconfiguration Enabled . . . . : Yes
          
          Wireless LAN adapter Wi-Fi:
          
          Media State . . . . . . . . . . . : Media disconnected
          Connection-specific DNS Suffix . :
          Description . . . . . . . . . . . : Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
          Physical Address. . . . . . . . . : 74-29-AF-2C-90-55
          DHCP Enabled. . . . . . . . . . . : Yes
          Autoconfiguration Enabled . . . . : Yes
          
          Wireless LAN adapter Local Area Connection* 11:
          
          Media State . . . . . . . . . . . : Media disconnected
          Connection-specific DNS Suffix . :
          Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
          Physical Address. . . . . . . . . : 76-29-AF-2C-90-55
          DHCP Enabled. . . . . . . . . . . : Yes
          Autoconfiguration Enabled . . . . : Yes
          
          Wireless LAN adapter Local Area Connection* 13:
          
          Media State . . . . . . . . . . . : Media disconnected
          Connection-specific DNS Suffix . :
          Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
          Physical Address. . . . . . . . . : 74-29-AF-2C-90-55
          DHCP Enabled. . . . . . . . . . . : Yes
          Autoconfiguration Enabled . . . . : Yes
          
          Ethernet adapter Ethernet 2:
          
          Connection-specific DNS Suffix . :
          Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
          Physical Address. . . . . . . . . : 68-F7-28-50-6E-46
          DHCP Enabled. . . . . . . . . . . : Yes
          Autoconfiguration Enabled . . . . : Yes
          Link-local IPv6 Address . . . . . : fe80::d92e:7787:a0a0:5da%8(Preferred)
          IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)
          Subnet Mask . . . . . . . . . . . : 255.255.255.0
          Lease Obtained. . . . . . . . . . : Monday, April 29, 2019 5:08:46 AM
          Lease Expires . . . . . . . . . . : Monday, April 29, 2019 8:09:04 AM
          Default Gateway . . . . . . . . . : 192.168.0.1
          DHCP Server . . . . . . . . . . . : 192.168.0.1
          DHCPv6 IAID . . . . . . . . . . . : 107542312
          DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-58-95-B0-68-F7-28-50-6E-46
          DNS Servers . . . . . . . . . . . : 192.168.0.1
          NetBIOS over Tcpip. . . . . . . . : Disabled
          Server: UnKnown
          Address: 192.168.0.1
          
          Name: google.com
          Addresses: 2404:6800:4003:806::200e
          172.217.27.46
          
          Pinging google.com [172.217.27.46] with 32 bytes of data:
          Reply from 172.217.27.46: bytes=32 time=79ms TTL=54
          Reply from 172.217.27.46: bytes=32 time=79ms TTL=54
          
          Ping statistics for 172.217.27.46:
          Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
          Minimum = 79ms, Maximum = 79ms, Average = 79ms
          Server: UnKnown
          Address: 192.168.0.1
          
          Name: yahoo.com
          Addresses: 2001:4998:44:41d::3
          2001:4998:c:1023::5
          2001:4998:58:1836::10
          2001:4998:58:1836::11
          2001:4998:c:1023::4
          2001:4998:44:41d::4
          72.30.35.10
          98.138.219.231
          72.30.35.9
          98.137.246.7
          98.138.219.232
          98.137.246.8
          
          Pinging yahoo.com [98.138.219.232] with 32 bytes of data:
          Reply from 98.138.219.232: bytes=32 time=277ms TTL=52
          Reply from 98.138.219.232: bytes=32 time=276ms TTL=52
          
          Ping statistics for 98.138.219.232:
          Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
          Minimum = 276ms, Maximum = 277ms, Average = 276ms
          
          Pinging 127.0.0.1 with 32 bytes of data:
          Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
          Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
          Ping statistics for 127.0.0.1:
          Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
          Minimum = 0ms, Maximum = 0ms, Average = 0ms
          Interface List
          21…00 ff c2 d4 13 bd …TunnelBear Adapter V9
          25…74 29 af 2c 90 55 …Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
          9…76 29 af 2c 90 55 …Microsoft Wi-Fi Direct Virtual Adapter
          18…74 29 af 2c 90 55 …Microsoft Wi-Fi Direct Virtual Adapter #3
          8…68 f7 28 50 6e 46 …Realtek PCIe GBE Family Controller
          1…Software Loopback Interface 1
          IPv4 Route Table
          Active Routes:
          Network Destination Netmask Gateway Interface Metric
          0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 35
          127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
          127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
          127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
          192.168.0.0 255.255.255.0 On-link 192.168.0.102 291
          192.168.0.102 255.255.255.255 On-link 192.168.0.102 291
          192.168.0.255 255.255.255.255 On-link 192.168.0.102 291
          224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
          224.0.0.0 240.0.0.0 On-link 192.168.0.102 291
          255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
          255.255.255.255 255.255.255.255 On-link 192.168.0.102 291
          Persistent Routes:
          None
          IPv6 Route Table
          Active Routes:
          If Metric Network Destination Gateway
          1 331 ::1/128 On-link
          8 291 fe80::/64 On-link
          8 291 fe80::d92e:7787:a0a0:5da/128
          On-link
          1 331 ff00::/8 On-link
          8 291 ff00::/8 On-link
          Persistent Routes:
          None
          ========================= Winsock entries =====================================
          
          Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
          Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
          Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
          Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
          Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
          Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
          Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
          x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
          x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
          x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
          x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
          x64-Catalog5 05 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
          x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
          x64-Catalog9 01 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 02 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 03 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 04 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 05 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 06 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 07 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 08 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 09 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 10 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 11 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 12 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 13 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          x64-Catalog9 14 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
          
          ========================= Event log errors: ===============================
          Application errors:
          Error: (04/28/2019 04:11:35 PM) (Source: Perflib) (User: )
          Description: DirectoryServices8
          
          Error: (04/27/2019 02:33:28 PM) (Source: Perflib) (User: )
          Description: DirectoryServices8
          
          Error: (04/26/2019 12:14:53 PM) (Source: Perflib) (User: )
          Description: DirectoryServices8
          
          Error: (04/26/2019 09:05:03 AM) (Source: SideBySide) (User: )
          Description: Activation context generation failed for “C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest1”.Error in manifest or policy file “C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest2” on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest3.
          A component version required by the application conflicts with another component version already active.
          Conflicting components are:.
          Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest.
          Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_42f0d9a244e0990d.manifest.
          
          Error: (04/25/2019 09:29:12 AM) (Source: SideBySide) (User: )
          Description: Activation context generation failed for “C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest1”.Error in manifest or policy file “C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest2” on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest3.
          A component version required by the application conflicts with another component version already active.
          Conflicting components are:.
          Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest.
          Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_42f0d9a244e0990d.manifest.
          
          Error: (04/24/2019 02:21:34 PM) (Source: Perflib) (User: )
          Description: DirectoryServices8
          
          Error: (04/23/2019 10:56:57 AM) (Source: Perflib) (User: )
          Description: DirectoryServices8
          
          Error: (04/22/2019 02:49:58 PM) (Source: SideBySide) (User: )
          Description: Activation context generation failed for “C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest1”.Error in manifest or policy file “C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest2” on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest3.
          A component version required by the application conflicts with another component version already active.
          Conflicting components are:.
          Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifest.
          Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_42f0d9a244e0990d.manifest.
          
          Error: (04/22/2019 08:21:12 AM) (Source: Perflib) (User: )
          Description: DirectoryServices8
          
          Error: (04/22/2019 07:42:00 AM) (Source: Application Hang) (User: )
          Description: The program LockApp.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
          
          Process ID: 316c
          
          Start Time: 01d4f8ae96aa9d26
          
          Termination Time: 4294967295
          
          Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
          
          Report Id: 6d88e380-0f3e-4bdc-bc01-036d9252f98f
          
          Faulting package full name: Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy
          
          Faulting package-relative application ID: WindowsDefaultLockScreen
          System errors:
          Error: (04/29/2019 05:13:33 AM) (Source: DCOM) (User: NT AUTHORITY)
          Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
          
          Error: (04/29/2019 05:11:03 AM) (Source: Service Control Manager) (User: )
          Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
          %%1053 = The service did not respond to the start or control request in a timely fashion.
          
          Error: (04/29/2019 05:11:03 AM) (Source: Service Control Manager) (User: )
          Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
          
          Error: (04/29/2019 05:10:32 AM) (Source: DCOM) (User: NT AUTHORITY)
          Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
          
          Error: (04/29/2019 05:09:17 AM) (Source: Service Control Manager) (User: )
          Description: The Windows Media Player Network Sharing Service service terminated with the following error:
          %%1008 = An attempt was made to reference a token that does not exist.
          
          Error: (04/29/2019 05:08:46 AM) (Source: BugCheck) (User: )
          Description: 0x0000012b (0xffffffffc00002c4, 0x0000000000000741, 0x000000001b198ba0, 0xffff9c007d7f0000)C:\WINDOWS\Minidump\042919-38921-01.dmpf0e810b8-6ee8-43e2-871c-2556eb1962a6
          
          Error: (04/29/2019 05:08:46 AM) (Source: EventLog) (User: )
          Description: The previous system shutdown at 4:44:52 AM on ‎4/‎29/‎2019 was unexpected.
          
          Error: (04/29/2019 04:33:00 AM) (Source: DCOM) (User: ADMIN)
          Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ADMINMaxS-1-5-21-900945925-988278395-3478122750-1001LocalHost (Using LRPC)UnavailableUnavailable
          
          Error: (04/28/2019 05:32:24 PM) (Source: DCOM) (User: ADMIN)
          Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ADMINMaxS-1-5-21-900945925-988278395-3478122750-1001LocalHost (Using LRPC)UnavailableUnavailable
          
          Error: (04/27/2019 11:39:16 PM) (Source: Service Control Manager) (User: )
          Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
          Microsoft Office Sessions:
          Error: (04/28/2019 04:11:35 PM) (Source: Perflib)(User: )
          Description: DirectoryServices8
          
          Error: (04/27/2019 02:33:28 PM) (Source: Perflib)(User: )
          Description: DirectoryServices8
          
          Error: (04/26/2019 12:14:53 PM) (Source: Perflib)(User: )
          Description: DirectoryServices8
          
          Error: (04/26/2019 09:05:03 AM) (Source: SideBySide)(User: )
          Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_42f0d9a244e0990d.manifestD:\Program Files (x86)\Audacity\audacity.exe
          
          Error: (04/25/2019 09:29:12 AM) (Source: SideBySide)(User: )
          Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_42f0d9a244e0990d.manifestD:\Program Files (x86)\Audacity\audacity.exe
          
          Error: (04/24/2019 02:21:34 PM) (Source: Perflib)(User: )
          Description: DirectoryServices8
          
          Error: (04/23/2019 10:56:57 AM) (Source: Perflib)(User: )
          Description: DirectoryServices8
          
          Error: (04/22/2019 02:49:58 PM) (Source: SideBySide)(User: )
          Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_fb43a2cb30647007.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.706_none_42f0d9a244e0990d.manifestD:\Program Files (x86)\Audacity\audacity.exe
          
          Error: (04/22/2019 08:21:12 AM) (Source: Perflib)(User: )
          Description: DirectoryServices8
          
          Error: (04/22/2019 07:42:00 AM) (Source: Application Hang)(User: )
          Description: LockApp.exe10.0.17134.1316c01d4f8ae96aa9d264294967295C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe6d88e380-0f3e-4bdc-bc01-036d9252f98fMicrosoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewyWindowsDefaultLockScreen
          CodeIntegrity Errors:
          Date: 2019-03-13 09:20:12.946
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
          
          Date: 2019-03-13 09:20:12.908
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
          
          Date: 2019-03-13 09:20:12.712
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
          
          Date: 2019-03-13 09:20:12.641
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
          
          Date: 2019-03-13 09:20:12.592
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
          
          Date: 2019-03-13 09:20:12.553
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
          
          Date: 2019-03-13 09:20:10.224
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
          
          Date: 2019-03-13 09:20:09.944
          Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
          
          Date: 2019-01-12 12:28:39.824
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
          
          =========================== Installed Programs ============================
          
          Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
          Adobe Flash Player 32 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
          Adobe Flash Player 32 PPAPI (HKLM-x32...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
          AMD Software (HKLM...\AMD Catalyst Install Manager) (Version: 19.1.1 - Advanced Micro Devices, Inc.)
          AMD System Monitor (HKLM-x32...{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
          Anki (HKLM-x32...\Anki) (Version: - )
          Audacity 2.1.3 (HKLM-x32...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
          Avast Free Antivirus (HKLM-x32...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
          Branding64 (HKLM...{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
          calibre (HKLM-x32...{00F91371-9FE2-4F75-9B49-8F7D1C135214}) (Version: 3.7.0 - Kovid Goyal)
          Catalyst Control Center Next Localization BR (HKLM...{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization CHS (HKLM...{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization CHT (HKLM...{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization CS (HKLM...{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization DA (HKLM...{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization DE (HKLM...{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization EL (HKLM...{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization ES (HKLM...{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization FI (HKLM...{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization FR (HKLM...{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization HU (HKLM...{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization IT (HKLM...{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization JA (HKLM...{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization KO (HKLM...{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization NL (HKLM...{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization NO (HKLM...{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization PL (HKLM...{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization RU (HKLM...{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization SV (HKLM...{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization TH (HKLM...{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          Catalyst Control Center Next Localization TR (HKLM...{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
          CCleaner (HKLM...\CCleaner) (Version: 5.46 - Piriform)
          Conexant HD Audio (HKLM...\CNXT_AUDIO_HDA) (Version: 8.66.27.55 - Conexant)
          Dolby Digital Plus Home Theater (HKLM...{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
          FormatFactory 4.5.5.0 (HKLM-x32...\FormatFactory) (Version: 4.5.5.0 - Free Time)
          Foxit Reader (HKLM-x32...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
          Garena (remove only) (HKLM-x32...\gxx) (Version: 2.0.1904.0511 - Garena)
          Google Chrome (HKLM-x32...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
          Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
          Hextech Repair Tool (HKLM-x32...{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.1.91 - Riot Games, Inc.)
          IDM Crack 6.30 build 8 (HKLM-x32...\IDM Crack 6.30 build 8) (Version: 6.30 build 8 - Crackingpatching.com Team)
          ImageGlass (HKLM...{D539FBEF-4AA8-4415-B66F-6367DA5D0186}_is1) (Version: 5.5.7.26 - Duong Dieu Phap)
          InstaTrader (HKLM-x32...\InstaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
          Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
          Internet Download Manager (HKLM-x32...\Internet Download Manager) (Version: - Tonec Inc.)
          IP Camera Adapter (HKLM-x32...{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
          Java 8 Update 144 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
          JDownloader 2 (HKLM...\jdownloader2) (Version: 2.0 - AppWork GmbH)
          K-Lite Codec Pack 11.4.0 Basic (HKLM-x32...\KLiteCodecPack_is1) (Version: 11.4.0 - )
          LAME v3.99.3 (for Windows) (HKLM-x32...\LAME_is1) (Version: - )
          Lenovo EasyCamera (HKLM-x32...{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
          Lenovo Service Bridge (HKCU...{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
          Lenovo System Update (HKLM-x32...\TVSU_is1) (Version: 5.07.0078 - Lenovo)
          Malwarebytes version 3.4.5.2467 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
          MetaTrader - EXNESS (HKLM-x32...\MetaTrader - EXNESS) (Version: 4.00 - MetaQuotes Software Corp.)
          Microsoft Excel 2010 (HKLM-x32...\Office14.EXCEL) (Version: 14.0.4763.1000 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
          Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
          Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
          Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
          Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32...{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
          Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
          Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
          Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
          Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
          Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
          Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32...{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
          Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32...{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
          Microsoft Word 2010 (HKLM-x32...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
          Microsoft XNA Framework Redistributable 4.0 (HKLM-x32...{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
          Mozilla Firefox 66.0 (x64 en-US) (HKLM...\Mozilla Firefox 66.0 (x64 en-US)) (Version: 66.0 - Mozilla)
          Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
          Network Recording Player (HKLM-x32...{79417ECE-DA9D-49B3-B1C9-83AA3EAE6AE0}) (Version: 31.9.3.13 - Cisco WebEx LLC)
          NinjaTrader 8 (HKLM-x32...{2DAF98A0-9C96-4362-8AEB-5C548C01351E}) (Version: 8.0.13.1 - NinjaTrader, LLC)
          OmegaT version 4.1.5_04_Beta (HKLM-x32...\OmegaT 4.1.5_04_Beta_is1) (Version: - OmegaT)
          OpenAL (HKLM-x32...\OpenAL) (Version: - )
          RapidTyping 5 (HKLM-x32...\RapidTyping5) (Version: 5.0.101 - RapidTyping Software)
          Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
          Samsung USB Driver for Mobile Phones (HKLM...{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
          Skype Click to Call (HKLM-x32...{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
          Skype™ 7.40 (HKLM-x32...{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
          Speccy (HKLM...\Speccy) (Version: 1.31 - Piriform)
          Subtitle Edit 3.4.6 (HKLM-x32...\SubtitleEdit_is1) (Version: 3.4.6.544 - Nikse)
          Subtitle Edit 3.5.3 (HKLM...\SubtitleEdit_is1) (Version: 3.5.3.0 - Nikse)
          Toolwiz Time Freeze 2017 (HKLM-x32...{3A74D01E-3AEF-4DF4-8404-0056150C97A3}) (Version: 4.3.1.5000 - Toolwiz)
          TunnelBear (HKLM-x32...{58a01650-b45c-443b-a51e-90f586a63532}) (Version: 3.7.2.0 - TunnelBear)
          TunnelBear (HKLM-x32...{C7E7F8CF-E23A-4FC1-8AAC-8710A70490E3}) (Version: 3.7.2.0 - TunnelBear) Hidden
          Update for Windows 10 for x64-based Systems (KB4023057) (HKLM...{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
          VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.8 - VideoLAN)
          Vulkan Run Time Libraries 1.0.3.1 (HKLM...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
          Vulkan Run Time Libraries 1.0.39.1 (HKLM...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
          Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
          Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
          Windscribe version 1.70 build 4 (HKLM-x32...{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
          WinRAR 4.01 (32-bit) (HKLM-x32...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
          WinRAR 5.40 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
          Wise Data Recovery 3.82 (HKLM-x32...\Wise Data Recovery_is1) (Version: 3.82 - WiseCleaner.com, Inc.)
          射手影音播放器 (HKLM-x32...\SPlayer) (Version: - )
          
          ========================= Memory info: ===================================
          
          Percentage of memory in use: 59%
          Total physical RAM: 8088.36 MB
          Available physical RAM: 3276.87 MB
          Total Virtual: 9048.36 MB
          Available Virtual: 4793.77 MB
          
          ========================= Partitions: =====================================
          
          1 Drive c: (SYSTEM) (Fixed) (Total:115.54 GB) (Free:27.75 GB) NTFS
          2 Drive d: () (Fixed) (Total:348.57 GB) (Free:42.96 GB) NTFS
          
          ========================= Users: ========================================
          
          User accounts for \\ADMIN
          
          Administrator DefaultAccount Guest
          Max WDAGUtilityAccount
          
          **** End of log ****


          • maxim123
            PCHF Member
            • Aug 2017
            • 463

            #20
            Hijack this scans:

            Code:
            Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.24
            
            Platform: x64 Windows 10 (Pro), 10.0.17134 (ReleaseId: 1803), Service Pack: 0
            Time: 29.04.2019 - 06:36
            Language: OS: English (0x409). Display: English (0x409). Non-Unicode: Chinese (Simplified) (0x804)
            Elevated: Yes
            Ran by: Max (group: Administrator) on ADMIN
            
            Chrome: 73.0.3683.103
            Firefox: 66.0.0.7012
            Edge: 11.0.17134.677
            Internet Explorer: 11.0.17134.1
            
            Boot mode: Normal
            
            Running processes:
            Number | Path
            1 C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
            1 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
            1 C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
            1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
            1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
            1 C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
            1 C:\Program Files\AVAST Software\Avast\aswidsagent.exe
            1 C:\Program Files\Apoint2K\ApMsgFwd.exe
            1 C:\Program Files\Apoint2K\HidMonitorSvc.exe
            1 C:\Program Files\Elantech\ETDCtrl.exe
            1 C:\Program Files\Elantech\ETDCtrlHelper.exe
            1 C:\Program Files\Elantech\ETDIntelligent.exe
            1 C:\Program Files\Elantech\ETDService.exe
            11 C:\Program Files\Mozilla Firefox\firefox.exe
            1 C:\Program Files\lenovo\iMController\Service\Lenovo.Modern.ImController.exe
            1 C:\Program Files\rempl\sedsvc.exe
            1 C:\Users\USER\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
            1 C:\Users\USER\Desktop\HiJackThis.exe
            1 C:\Users\USER\Desktop\MemCompression
            1 C:\Users\USER\Desktop\Registry
            1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
            2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
            1 C:\Windows\RtkBtManServ.exe
            1 C:\Windows\System32\DriverStore\FileRepository\u0337968.inf_amd64_e9075e8c655a0e88\B337967\atieclxx.exe
            1 C:\Windows\System32\DriverStore\FileRepository\u0337968.inf_amd64_e9075e8c655a0e88\B337967\atiesrxx.exe
            1 C:\Windows\System32\InputMethod\CHS\ChsIME.exe
            2 C:\Windows\System32\RuntimeBroker.exe
            1 C:\Windows\System32\SearchFilterHost.exe
            1 C:\Windows\System32\SearchIndexer.exe
            2 C:\Windows\System32\SearchProtocolHost.exe
            1 C:\Windows\System32\SecurityHealthService.exe
            1 C:\Windows\System32\SgrmBroker.exe
            2 C:\Windows\System32\WUDFHost.exe
            1 C:\Windows\System32\audiodg.exe
            1 C:\Windows\System32\cmd.exe
            2 C:\Windows\System32\conhost.exe
            2 C:\Windows\System32\csrss.exe
            1 C:\Windows\System32\ctfmon.exe
            1 C:\Windows\System32\dasHost.exe
            1 C:\Windows\System32\dwm.exe
            2 C:\Windows\System32\fontdrvhost.exe
            1 C:\Windows\System32\igfxCUIService.exe
            1 C:\Windows\System32\igfxEM.exe
            1 C:\Windows\System32\igfxHK.exe
            1 C:\Windows\System32\lsass.exe
            1 C:\Windows\System32\mqsvc.exe
            1 C:\Windows\System32\schtasks.exe
            1 C:\Windows\System32\services.exe
            1 C:\Windows\System32\sihost.exe
            1 C:\Windows\System32\smss.exe
            1 C:\Windows\System32\spoolsv.exe
            66 C:\Windows\System32\svchost.exe
            1 C:\Windows\System32\taskhostw.exe
            1 C:\Windows\System32\wininit.exe
            1 C:\Windows\System32\winlogon.exe
            1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
            1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
            2 C:\Windows\explorer.exe
            1 D:\Program Files (x86)\Internet Download Manager\IDMan.exe
            1 D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
            1 D:\Program Files (x86)\kies\USB Drivers\27_ssconn\conn\ss_conn_service.exe
            1 D:\Program Files (x86)\tunnebear\TunnelBear\TunnelBear.Maintenance.exe
            1 D:\Program Files\Toolwiz Time Freeze 2017\ToolwizTimeFreeze.exe
            1 D:\garena\Garena\2.0.1904.0511\gxxsvc.exe
            1 D:\garena\Garena\Garena.exe
            
            R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - Google - Google Search
            O1 - Hosts:
            O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
            O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
            O2-32 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
            O2-32 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll
            O2-32 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll
            O2-32 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
            O4 - HKCU\..\Run: [IDMan] D:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
            O4 - HKCU\..\Run: [ToolwizTimeFreeze] d:\Program Files\Toolwiz Time Freeze 2017\ToolwizTimeFreeze.exe -autorun
            O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] (2019/01/01)C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
            O4 - HKCU\..\StartupApproved\Run: [OneDriveSetup] (2019/01/01)C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
            O4 - HKLM\..\Run: [AvastUI.exe] c:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
            O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (2017/12/29)C:\Program Files\Windows Defender\MSASCuiL.exe
            O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
            O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] C:\Program Files\Windows Mail\wab.exe /Upgrade
            O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
            O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] C:\Program Files\Windows Mail\wab.exe /Upgrade
            O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr (file missing)
            O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
            O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
            O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
            O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
            O8 - Extra context menu item: Download all links with IDM - D:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
            O8 - Extra context menu item: Download with IDM - D:\Program Files (x86)\Internet Download Manager\IEExt.htm
            O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
            O8 - Extra context menu item: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll (file missing)
            O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
            O9 - Extra 'Tools' menuitem: Se&nd to OneNote - HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
            O9 - Extra button: OneNote Lin&ked Notes - HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
            O9 - Extra button: Send to OneNote - HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
            O16-32 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
            O17 - DHCP DNS - 1: 192.168.0.1
            O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
            O18 - Protocol: WSISAllmytubechrome - (no CLSID) - (no file)
            O21 - ShellIconOverlayIdentifiers: IDM Shell Extension - {CDC95B92-E27C-4745-A8C5-64A52A78855D} - D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
            O21 - ShellIconOverlayIdentifiers: OneDrive1 - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
            O21 - ShellIconOverlayIdentifiers: OneDrive2 - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
            O21 - ShellIconOverlayIdentifiers: OneDrive3 - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
            O21 - ShellIconOverlayIdentifiers: OneDrive4 - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
            O21 - ShellIconOverlayIdentifiers: OneDrive5 - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
            O21 - ShellIconOverlayIdentifiers: OneDrive6 - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
            O21 - ShellIconOverlayIdentifiers: OneDrive7 - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
            O21 - ShellIconOverlayIdentifiers: 00asw - {472083B0-C522-11CF-8763-00608CC02F24} - c:\Program Files\AVAST Software\Avast\ashShell.dll
            O21-32 - ShellIconOverlayIdentifiers: OneDrive1 - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
            O21-32 - ShellIconOverlayIdentifiers: OneDrive2 - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
            O21-32 - ShellIconOverlayIdentifiers: OneDrive3 - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
            O21-32 - ShellIconOverlayIdentifiers: OneDrive4 - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
            O21-32 - ShellIconOverlayIdentifiers: OneDrive5 - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
            O21-32 - ShellIconOverlayIdentifiers: OneDrive6 - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
            O21-32 - ShellIconOverlayIdentifiers: OneDrive7 - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
            O22 - Task (Disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll
            O22 - Task (Disabled): \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe
            O22 - Task (Disabled): \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll
            O22 - Task (Disabled): \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll
            O22 - Task (Disabled): \Microsoft\Windows\PushToInstall\LoginCheck - C:\WINDOWS\system32\sc.exe start pushtoinstall login
            O22 - Task (Disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe
            O22 - Task (Disabled): \Microsoft\Windows\UNP\RunUpdateNotificationMgr - C:\WINDOWS\System32\UNP\UpdateNotificationMgr.exe
            O22 - Task (Disabled): \Microsoft\Windows\Workplace Join\Recovery-Check - C:\WINDOWS\System32\dsregcmd.exe /checkrecovery
            O22 - Task (Disabled): \OfficeSoftwareProtectionPlatform\SvcRestartTask - C:\WINDOWS\system32\sc.exe start osppsvc
            O22 - Task (Disabled): shutdown - C:\Windows\System32\shutdown.exe /h
            O22 - Task (Ready): AMDLinkUpdate - C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe -AMDLinkUpdate
            O22 - Task (Ready): Adobe Flash Player NPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe -check plugin
            O22 - Task (Ready): Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe -check pepperplugin
            O22 - Task (Ready): Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
            O22 - Task (Ready): Avast Emergency Update - c:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
            O22 - Task (Ready): CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
            O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
            O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
            O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
            O22 - Task (Ready): ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser
            O22 - Task (Ready): StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
            O22 - Task (Ready): StartDVR - C:\Program Files\AMD\CNext\CNext\dvrcmd.exe (file missing)
            O22 - Task (Ready): \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1
            O22 - Task (Ready): \Lenovo\ImController\Lenovo iM Controller Monitor - C:\WINDOWS\system32\ImController.InfInstaller.exe -checkremoval
            O22 - Task (Ready): \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - C:\WINDOWS\system32\sc.exe START ImControllerService
            O22 - Task (Ready): \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask - C:\WINDOWS\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
            O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\d4cd9bd1-448e-4889-a166-5a3c2f35e36a - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger d4cd9bd1-448e-4889-a166-5a3c2f35e36a
            O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\e44f58fb-3b37-4ffa-a10b-75c8f35e8762 - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger e44f58fb-3b37-4ffa-a10b-75c8f35e8762
            O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\fce48f2e-386d-4939-aa3b-7d8a829757ea - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger fce48f2e-386d-4939-aa3b-7d8a829757ea
            O22 - Task (Ready): \Lenovo\Lenovo Service Bridge\S-1-5-21-900945925-988278395-3478122750-1001 - C:\Users\USER\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
            O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
            O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
            O22 - Task (Ready): \Microsoft\Windows\Chkdsk\SyspartRepair - C:\WINDOWS\system32\bcdboot.exe %windir% /sysrepair
            O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll
            O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll
            O22 - Task (Ready): \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe
            O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
            O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
            O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
            O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
            O22 - Task (Ready): \Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh - {711001CD-CC1D-4470-9B7E-1EF73849C79E},ExploitGuardPolicy - C:\WINDOWS\System32\MitigationConfiguration.dll
            O22 - Task (Ready): \Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures - {59EECBFE-C2F5-4419-9B99-13FE05FF2675} - C:\WINDOWS\System32\fcon.dll
            O22 - Task (Ready): \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll
            O22 - Task (Ready): \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll
            O22 - Task (Ready): \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll
            O22 - Task (Ready): \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - (no file)
            O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellular - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
            O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
            O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
            O22 - Task (Ready): \Microsoft\Windows\Printing\EduPrintProv - C:\WINDOWS\system32\eduprintprov.exe
            O22 - Task (Ready): \Microsoft\Windows\PushToInstall\Registration - C:\WINDOWS\system32\sc.exe start pushtoinstall registration
            O22 - Task (Ready): \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask
            O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe -e
            O22 - Task (Ready): \Microsoft\Windows\USB\Usb-Notifications - {E05BE1C8-92A8-4757-B575-ACAECB4E6A40} - C:\Windows\System32\UsbTask.dll
            O22 - Task (Ready): \Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display - C:\WINDOWS\system32\MusNotification.exe Display
            O22 - Task (Ready): \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - (no file)
            O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
            O22 - Task (Ready): \Microsoft\Windows\rempl\shell - C:\Program Files\rempl\sedlauncher.exe
            O22 - Task (Ready): \Microsoft\Windows\rempl\shell-usoscan - C:\Program Files\rempl\remsh.exe /RunUsoScanOnly (file missing)
            O22 - Task (Ready): \TVT\TVSUUpdateTask - C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe /CM -search R -action INSTALL -includerebootpackages 1,3,4 -noicon -noreboot -nolicense -defaultupdate -schtask
            O22 - Task (Ready): \TVT\TVSUUpdateTask_UserLogOn - C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe PendingTask
            O22 - Task (Ready): gxx speed launcher - D:\garena\Garena\Garena.exe -silentlaunch -gxxsvclaunch
            O23 - Service R2: @oem42.inf,%HidMonitor.SvcDisp%;Alps SMBus Monitor Service - (ApHidMonitorService) - C:\Program Files\Apoint2K\HidMonitorSvc.exe
            O23 - Service R2: @oem72.inf,%ImcSvcDisplayName%;System Interface Foundation Service - (ImControllerService) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
            O23 - Service R2: @oem81.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service - (RtkBtManServ) - C:\WINDOWS\RtkBtManServ.exe
            O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0337968.inf_amd64_e9075e8c655a0e88\B337967\atiesrxx.exe
            O23 - Service R2: Avast Antivirus - (avast! Antivirus) - c:\Program Files\AVAST Software\Avast\AvastSvc.exe
            O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
            O23 - Service R2: Garena platform service - (GarenaPlatform) - D:\garena\Garena\2.0.1904.0511\gxxsvc.exe
            O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
            O23 - Service R2: SAMSUNG Mobile Connectivity Service - (ss_conn_service) - D:\Program Files (x86)\kies\USB Drivers\27_ssconn\conn\ss_conn_service.exe
            O23 - Service R2: TunnelBear Maintenance - (TunnelBearMaintenance) - D:\Program Files (x86)\tunnebear\TunnelBear\TunnelBear.Maintenance.exe
            O23 - Service R2: Windows Defender Security Center Service - (SecurityHealthService) - C:\WINDOWS\system32\SecurityHealthService.exe
            O23 - Service R3: System Update - (SUService) - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
            O23 - Service R3: aswbIDSAgent - c:\Program Files\AVAST Software\Avast\aswidsagent.exe
            O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
            O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
            O23 - Service S3: AvastWscReporter - c:\Program Files\AVAST Software\Avast\wsc_proxy.exe
            O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
            O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\elevation_service.exe
            O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
            O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
            O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
            O23 - Service S3: Windows Defender Advanced Threat Protection Service - (Sense) - C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
            O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe
            O23 - Service S3: Windows Defender Antivirus Service - (WinDefend) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe
            
            –
            End of file - Time spent: 37 sec. - 43896 bytes, CRC32: FFFFFFFF. Sign: C㽲

            Comment

            • maxim123
              PCHF Member
              • Aug 2017
              • 463

              #21
              Hi, I got a kernel security check failure just before, when I turned on the laptop (this is the first time it occurred). Is it possible for a blue screen to occur when one hibernates the laptop instead of turning it off? I usually hibernate my laptop so that I can access my documents or software faster, and most of the blue screens occurred when I later turned on the laptop, right after the Windows loading screen and before the start screen.

              Comment

              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #22
                Sorry for the delay, I have put in a lot of time at work. Should have a decently early day tomorrow. I'll have a reply for you then.

                Comment

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #23
                  Ok, for now please remove Avast from your machine and disable Toolwiz Time Freeze. Let's see if you get any more crashes after that.

                  Comment

                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #24
                    And this is why CCleaner is erasing your dump files.

                    Disable Monitoring or uncheck the option to delete dump files from within CCleaner.
                    O4 - HKCU..\StartupApproved\Run: [CCleaner Smart Cleaning] (2019/01/01)C:\Program Files\CCleaner\CCleaner64.exe /MONITOR

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #25
                      Also, find, terminate and delete C:\WINDOWS\System32\drivers\zamguard64.sys with PChunter. Reboot after.

                      Comment

                      • maxim123
                        PCHF Member
                        • Aug 2017
                        • 463

                        #26
                        Originally posted by Malnutrition
                        Ok, for now please remove Avast from your machine and disable Toolwiz Time Freeze. Let's see if you get any more crashes after that.
                        By disabling, uninstalling or just exiting the app? Also, does Windows Security Defender work properly? I used to run only the default antivirus, but someone said to install a better antivirus and gave Avast as an option. I will uninstall it though.
                        Originally posted by Malnutrition
                        And this is why CCleaner is erasing your dump files.

                        Disable Monitoring or uncheck the option to delete dump files from within CCleaner.
                        O4 - HKCU..\StartupApproved\Run: [CCleaner Smart Cleaning] (2019/01/01)C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
                        I don’t have a monitoring option in my CCleaner (free version v5.46.66). There is Smart Cleaning, which I disabled just now. I unchecked the memory dumps cleaning option. I haven’t used CCleaner for months actually, though.

                        Thanks. I will do these and reply asap. Also, does this mean I can continue to hibernate my laptop and not turn it off?

                        Comment

                        • maxim123
                          PCHF Member
                          • Aug 2017
                          • 463

                          #27
                          Originally posted by Malnutrition
                          Also, find, terminate and delete C:\WINDOWS\System32\drivers\zamguard64.sys with PChunter. Reboot after.
                          Hi, there was no terminate option, so I disabled it and tried to delete the driver, with both the (file) and (file and reg) options, but it said delete failed. Actually, it said delete ok first, then I saw the file was still there and tried again, and then it said delete failed.
                          It was under Kernel Module.

                          Comment

                          • maxim123
                            PCHF Member
                            • Aug 2017
                            • 463

                            #28
                            Originally posted by maxim123
                            Hi, there was no terminate option, so I disabled it and tried to delete the driver, with both the (file) and (file and reg) options, but it said delete failed. Actually, it said delete ok first, then I saw the file was still there and tried again, and then it said delete failed.
                            It was under Kernel Module.
                            Edit: it was removed, it seems; after I restarted, it was gone.

                            Comment

                            • maxim123
                              PCHF Member
                              • Aug 2017
                              • 463

                              #29
                              I have done all the steps now. What should I do now?

                              Comment

                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7041

                                #30
                                Originally posted by maxim123
                                By disabling, uninstalling or just exiting the app? Also, does Windows Security Defender work properly? I used to run only the default antivirus, but someone said to install a better antivirus and gave Avast as an option. I will uninstall it though.
                                Remove Avast for now.
                                Originally posted by maxim123
                                I have done all the steps now. What should I do now?
                                Wait and see if it crashes again and let me know if it does.

                                Comment
