TLJaguar

Honorary Members
  • Posts

    31
Everything posted by TLJaguar

  1. Startup seems quite slow, it takes a little while after Windows loads before I can actually do anything. Also pauses every boot asking if I want to load Windows or choose another option. But once Windows is up and running, not getting any errors or other issues.
  2. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 19260194816 Downloaded database version: v2017.08.25.06 Downloaded database version: v2017.08.02.01 Downloaded database version: v2017.08.18.01 ======================================= Initializing... DDA Driver installation error. Driver installed on boot. Reboot required. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 19947839488 Initializing... ======================================= DDA Driver is not active. Scan can't continue ======================================= Initializing... DDA Driver is not active. Scan can't continue ======================================= Initializing... DDA Driver is not active. Scan can't continue ======================================= Initializing... DDA Driver is not active. Scan can't continue ======================================= Initializing... DDA Driver is not active. 
Scan can't continue ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 19450486784 ======================================= Initializing... DDA Driver installation error. Driver installed on boot. Reboot required. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 19895894016 Initializing... ====================== DDA Driver is not active. 
Scan can't continue ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 18725564416 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 18652442624 Downloaded database version: v2017.08.29.07 Downloaded database version: v2017.08.02.01 Downloaded database version: v2017.08.18.01 ======================================= Initializing... DDA Driver installation error. Driver installed on boot. Reboot required. System shutdown occurred ======================================= ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 19577126912 ======================================= Initializing... DDA Driver is not active. Scan can't continue ======================================= Initializing... DDA Driver is not active. Scan can't continue ======================================= Initializing... DDA Driver is not active. Scan can't continue Initializing... ====================== DDA Driver is not active. Scan can't continue ======================================= Initializing... DDA Driver is not active. 
Scan can't continue ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 18202447872 ======================================= Initializing... DDA Driver installation error. Driver installed on boot. Reboot required. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 19768623104 Initializing... ====================== DDA Driver is not active. Scan can't continue ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 18115670016 ======================================= Initializing... DDA Driver installation error. Driver installed on boot. Reboot required. 
System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.15063 Windows 10 x64 Account is Administrative Internet Explorer version: 11.413.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 19928629248 Initializing... ====================== DDA Driver is not active. Scan can't continue ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.4.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.0.15063.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 21430861824, free: 19341193216 Downloaded database version: v2017.08.29.08 Downloaded database version: v2017.08.29.09 Downloaded database version: v2017.08.29.10 ======================================= Initializing... 
Driver version: 0.3.0.4 ------------ Kernel report ------------ 08/29/2017 18:14:00 ------------ Loaded modules ----------- ----------- End ----------- Done! 
Scan started Database versions: main: v2017.08.29.10 rootkit: v2017.08.02.01 <<<2>>> Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffce802b90b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffce802ae929f0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffce802b90b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffce802b7326a0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffce802adb2060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffce802b90c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffce802ae919f0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffce802b90c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffce802ad72660, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffce802adaf060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 0 Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. 
MBR Signature: 55AA Disk Signature: 4C2B0944 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1380445279 GPT Header CurrentLba = 1 BackupLba 5860533167 GPT Header FirstUsableLba 34 LastUsableLba 5860533134 GPT Header Guid 58478540-58e3-466c-9660-7eb9bce5c9f7 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1380445279 Backup GPT header CurrentLba = 5860533167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 5860533134 Backup GPT header Guid 58478540-58e3-466c-9660-7eb9bce5c9f7 Backup GPT header Contains 128 partition entries starting at LBA 5860533135 Backup GPT header Partition entry size = 128 Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 797a958e-55e2-4530-ba8-2cd7a2a5fb50 FirstLBA 34 Last LBA 262177 Attributes 0 Partition Name Microsoft reserved partition Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID b1a39b1d-fb64-4fa1-93b4-25f1f3b8b7 FirstLBA 264192 Last LBA 5860532223 Attributes 0 Partition Name Basic data partition Disk Size: 3000592982016 bytes Sector size: 512 bytes Done! Drive 1 This is a System drive Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: ADC9667E GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. 
Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 3381713283 GPT Header CurrentLba = 1 BackupLba 488397167 GPT Header FirstUsableLba 34 LastUsableLba 488397134 GPT Header Guid 7be1d017-3608-47f5-975e-ae404b166e2a GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 3381713283 Backup GPT header CurrentLba = 488397167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 488397134 Backup GPT header Guid 7be1d017-3608-47f5-975e-ae404b166e2a Backup GPT header Contains 128 partition entries starting at LBA 488397135 Backup GPT header Partition entry size = 128 Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 80572099-cc62-4121-abc0-377a4aacb951 FirstLBA 2048 Last LBA 923647 Attributes 1 Partition Name Basic data partition Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID c078fb2a-61dd-487f-a244-b48978826067 FirstLBA 923648 Last LBA 1128447 Attributes 0 Partition Name EFI system partition GPT Partition 1 is bootable Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 82952695-51a1-41b6-8bd4-7999b0564580 FirstLBA 1128448 Last LBA 1161215 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 9d2fc78b-de2b-4d9f-92e0-4e318986d5b FirstLBA 1161216 Last LBA 488396799 Attributes 0 Partition Name Basic data partition Disk Size: 250059350016 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffce802c0e5610, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffce802c112960, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffce802c0e5610, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xffffce802bd2c060, DeviceName: \Device\0000003b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Infected: C:\$Recycle.Bin\S-1-5-21-584086061-3025348732-3442670432-1002\$R9GS8VN\u.exe --> [Adware.Yelloader] Infected: C:\$Recycle.Bin\S-1-5-21-584086061-3025348732-3442670432-1002\$RTVXR6D\s5m_install_325.exe --> [Trojan.Clicker] File "C:\Users\tljag\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768) File "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" is sparse (flags = 32768) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.83" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File 
"C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D498E9EBD89C7FC96C414D35F660ACCFDF98F18A.bin.7C" is compressed (flags = 1) Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished
  3. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 8/29/17
     Scan Time: 7:32 PM
     Log File: 562b3b9c-8d12-11e7-9517-082e5f2f81b6.json
     Administrator: Yes

     -Software Information-
     Version: 3.2.2.2018
     Components Version: 1.0.188
     Update Package Version: 1.0.2685
     License: Free

     -System Information-
     OS: Windows 10 (Build 15063.540)
     CPU: x64
     File System: NTFS
     User: DESKTOP-SSGMRCJ\tljag

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 322716
     Threats Detected: 11
     Threats Quarantined: 11
     Time Elapsed: 4 min, 1 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 11
     PUP.Optional.SpyHunter, C:\USERS\TLJAG\DESKTOP\SPYHUNTER-INSTALLER.EXE, Quarantined, [927], [345850],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\REIMAGE.EXE, Quarantined, [1050], [327181],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\REI_ENGINE.DLL, Quarantined, [1050], [327181],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\REIMAGEREMINDER.EXE, Quarantined, [1050], [327181],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\LZMA.EXE, Quarantined, [1050], [327181],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\REI_AVIRA.EXE, Quarantined, [1050], [327181],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\REIMAGESAFEMODE.EXE, Quarantined, [1050], [388085],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\REI_SUPPORTINFOTOOL.EXE, Quarantined, [1050], [327181],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\REIMAGEREPAIR.EXE, Quarantined, [1050], [331559],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\REI_AXCONTROL.DLL, Quarantined, [1050], [327181],1.0.2685
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-584086061-3025348732-3442670432-1002\$RNURPF6\SAVAPI3.DLL, Quarantined, [1050], [327181],1.0.2685
     Physical Sector: 0 (No malicious items detected)

     (end)
  4. I reset Windows and mbar.cmd is working. Scan is running and has found 2 malware so far. Do you have recommendations for other scans to run after I do mbar and standard mwbyte scans?
  5. I ran through the above steps several times with the same results. I have the install files for my main applications, so I'm going to try resetting Windows.
  6. Ran as admin, it made me reboot again to load DDA drivers, booted into Windows, still getting the same DDA Driver is not active error.
  7. Root kit database is up to date v2017.08.02.01, but I still get the DDA Driver error no matter which "scan targets" are checked
  8. Is it still 1.09.4.101 or should it have a newer version number?
  9. Do I "reset this pc" or is there another option I should choose?
  10. I had created occasional restore points including one shortly before getting this infection, but recovery mode doesn't show any restore points anymore.
  11. I'm usually a lot more careful about what I download, I just got careless. Is this recovery where I need to be?
  12. The cmd started the program, it ran update but then said it needed to reboot to install DDA Driver. After reboot mbar.cmd starts but says "DDA Driver is not active. Scan can't continue"
  13. I followed to see steps and it boots to this screen. F8 takes me back to the blue screen menu
  14. Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017 Ran by tljag (25-08-2017 09:40:28) Run:3 Running from F:\ Loaded Profiles: tljag (Available Profiles: tljag) Boot Mode: Safe Mode (minimal) ============================================== fixlist content: ***************** Start Task: {34A57F15-8DFF-42D3-BDEC-2F3C39962E5C} - no filepath Task: {8B72ADDF-0898-4526-A2D5-7D12799DAE68} - no filepath Task: {A1761952-2FE0-4719-B1E1-FFF326C3B76E} - no filepath Task: {C523C512-5B98-4030-BE02-07453FB62565} - no filepath Task: C:\Windows\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION Shortcut: C:\Users\tljag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat () C:\Program Files (x86)\Internet Explorer\iexplore.bat Shortcut: C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () Shortcut: C:\Users\Public\Desktop\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () C:\Program Files (x86)\Mozilla Firefox\firefox.bat ShortcutWithArgument: C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D HKLM\...\RunOnce: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => C:\ProgramData\cisB710.exe [4784320 2017-07-11] (COMODO) GroupPolicyScripts: Restriction <==== ATTENTION GroupPolicyScripts-x32: Restriction <==== ATTENTION HKU\S-1-5-21-584086061-3025348732-3442670432-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://rotary.vsgdover.com/ FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\7300156.js [2017-08-20] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\7300156.cfg [2017-08-20] <==== ATTENTION S2 windowsmanagementservice; C:\Users\tljag\AppData\Local\qhneoz\lclhgr\ct.exe [535552 2017-08-08] () [File not signed] <==== ATTENTION C:\Users\tljag\AppData\Local\qhneoz 2017-08-21 17:00 - 2017-08-21 16:34 - 000380928 _____ C:\Users\tljag\Desktop\yxm9r0dv.exe 2017-08-21 16:04 - 2017-08-22 07:38 - 000000000 ____D C:\Program Files\Reimage 2017-08-21 16:02 - 2017-08-22 08:06 - 000081696 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys 2017-08-20 20:43 - 2017-08-21 13:09 - 000000000 ____D C:\Users\tljag\AppData\Local\llssoft 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Windows\system32\vmanrty 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Users\tljag\AppData\Roaming\et 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Users\tljag\AppData\Local\qhneoz End ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34A57F15-8DFF-42D3-BDEC-2F3C39962E5C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{34A57F15-8DFF-42D3-BDEC-2F3C39962E5C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B72ADDF-0898-4526-A2D5-7D12799DAE68} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B72ADDF-0898-4526-A2D5-7D12799DAE68} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1761952-2FE0-4719-B1E1-FFF326C3B76E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1761952-2FE0-4719-B1E1-FFF326C3B76E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C523C512-5B98-4030-BE02-07453FB62565} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C523C512-5B98-4030-BE02-07453FB62565} => key removed successfully C:\Windows\Tasks\ReimageUpdater.job => not found. "C:\Users\tljag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk" => Could not move. "C:\Program Files (x86)\Internet Explorer\iexplore.bat" => not found. "C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk" => Could not move. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk" => Could not move. "C:\Users\Public\Desktop\??zill? Fir?f??.lnk" => Could not move. "C:\Program Files (x86)\Mozilla Firefox\firefox.bat" => not found. C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => not found. C:\Users\Public\Desktop\Google Chrome.lnk => not found. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => value not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully HKU\S-1-5-21-584086061-3025348732-3442670432-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully "C:\Program Files (x86)\mozilla firefox\defaults\pref\7300156.js" => not found. "C:\Program Files (x86)\mozilla firefox\7300156.cfg" => not found. HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key removed successfully windowsmanagementservice => service removed successfully C:\Users\tljag\AppData\Local\qhneoz => moved successfully "C:\Users\tljag\Desktop\yxm9r0dv.exe" => not found. "C:\Program Files\Reimage" => not found. "C:\Windows\system32\Drivers\msidntfs.sys" => not found. "C:\Users\tljag\AppData\Local\llssoft" folder move: Could not move "C:\Users\tljag\AppData\Local\llssoft" => Scheduled to move on reboot. "C:\Windows\system32\vmanrty" folder move: Could not move "C:\Windows\system32\vmanrty" => Scheduled to move on reboot. C:\Users\tljag\AppData\Roaming\et => moved successfully "C:\Users\tljag\AppData\Local\qhneoz" => not found. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-08-2017 09:46:11) "C:\Users\tljag\AppData\Local\llssoft" => Could not move "C:\Windows\system32\vmanrty" => Could not move ==== End of Fixlog 09:46:39 ====
  15. Ok, ran frst64 and fixed. Below is fixlog.txt. Rebooting now.

      Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
      Ran by tljag (25-08-2017 09:21:43) Run:1
      Running from C:\Users\tljag\Desktop
      Loaded Profiles: tljag (Available Profiles: tljag)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      Start
      CloseProcesses:
      CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
      CMD: bcdedit.exe /set {default} recoveryenabled yes
      End
      *****************

      Processes closed successfully.

      ========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

      The operation completed successfully.

      ========= End of CMD: =========

      ========= bcdedit.exe /set {default} recoveryenabled yes =========

      The operation completed successfully.

      ========= End of CMD: =========

      The system needed a reboot.

      ==== End of Fixlog 09:21:44 ====
  16. I've tried F8, Shift+F8, Windows button+F8, Shift+Restart and the steps in the link you sent, and every time Windows boots normally.
  17. I followed those steps and the computer still boots straight into Windows normally.
  18. F8 didn't get me to advanced boot options. As it booted and I was tapping F8, some message flashed on the screen too fast to read, then Windows loaded normally. I'll try again.
  19. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017 Ran by tljag (22-08-2017 08:11:31) Running from C:\Users\tljag\Downloads Windows 10 Pro Version 1703 (X64) (2017-06-01 02:38:02) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-584086061-3025348732-3442670432-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-584086061-3025348732-3442670432-503 - Limited - Disabled) Guest (S-1-5-21-584086061-3025348732-3442670432-501 - Limited - Disabled) tljag (S-1-5-21-584086061-3025348732-3442670432-1002 - Administrator - Enabled) => C:\Users\tljag ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Enabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD} AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Panda Protection (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D} FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software) calibre (HKLM-x32\...\{5B27E69E-F59D-4B62-901F-F6981C826A5A}) (Version: 3.4.0 - Kovid Goyal) Carbonite (HKLM-x32\...\{4D2CAC51-4B1D-4A1A-A592-650C49BF9D3C}) (Version: 6.3.0 build 7063 (May-09-2017) - Carbonite) Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) 
Hidden Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-584086061-3025348732-3442670432-1002\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.) 
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access) qBittorrent 3.3.12 (HKLM-x32\...\qBittorrent) (Version: 3.3.12 - The qBittorrent project) QuickBooks (HKLM-x32\...\{1D70AABC-CB59-4700-A708-EA56D1CA07B0}) (Version: 21.0.4014.904 - Intuit Inc.) Hidden QuickBooks Premier Edition 2011 (HKLM-x32\...\{11E0AC7D-6824-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.) Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.) Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) 
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [2004-12-14] (Adobe Systems Inc.) ContextMenuHandlers1-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility) ContextMenuHandlers1-x32: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility) ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility) ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B1A7706-035A-49FA-BD41-8E0555997081} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {15B7A040-C7A5-44E8-A717-389814FE6A98} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {17F0AE42-BEA2-47EC-8E79-57671C6DFA7A} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {21EE33D7-93F1-4F07-8D92-E299AA43AFA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-17] (Google Inc.) Task: {2C82CF7B-2E19-4897-9B35-994DD6D4D2D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-17] (Google Inc.) 
Task: {34A57F15-8DFF-42D3-BDEC-2F3C39962E5C} - no filepath Task: {8AAF0137-BA37-44BF-9148-AB085D9D40FE} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {8B72ADDF-0898-4526-A2D5-7D12799DAE68} - no filepath Task: {9526D871-8E08-4188-8EED-752D8505EFA3} - System32\Tasks\EPSON WF-2650 Series Update {68A57124-907B-4DFD-A27B-BB4DFE7CFAE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION) Task: {A1761952-2FE0-4719-B1E1-FFF326C3B76E} - no filepath Task: {B6CE275E-56F8-4511-95DB-86F8C754CB8C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {C523C512-5B98-4030-BE02-07453FB62565} - no filepath Task: {FCBA7017-813E-4F4B-A346-649941E6DC60} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe Task: C:\Windows\Tasks\EPSON WF-2650 Series Update {68A57124-907B-4DFD-A27B-BB4DFE7CFAE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE:/EXE:{68A57124-907B-4DFD-A27B-BB4DFE7CFAE3} /F:UpdateWORKGROUP\DESKTOP-SSGMRCJ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\tljag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat () Shortcut: C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () ShortcutWithArgument: C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ==================== Loaded Modules (Whitelisted) ============== 2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll 2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" iver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-03-18 17:03 - 2017-03-18 17:01 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-584086061-3025348732-3442670432-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 209.18.47.61 - 209.18.47.62 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Adobe Acrobat Speed Launcher.lnk" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "vgarvsl.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{E859DAD7-459A-4AEF-9BFF-FB0D7E5E41C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F727680C-4E2B-4D11-A5D3-5AD95DB714A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{32C20340-141F-410D-9437-F7A10BA3F01E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{1CEA3E2E-E763-495D-A887-0A38201DB498}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{7FD4BCF2-761C-474E-BFC4-7244801D20DD}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{C163EC7C-F67C-4537-83A5-B8B2DD00414A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{A20BC1E1-0B0D-41E9-8E52-2959B72F9861}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{391BAC64-7971-47E6-B42D-2CB228848845}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D2B2EF7E-C05A-4F1A-AC5D-0EFF64EAE82D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{60D1EB57-A5F5-435D-89D6-0E6876A4EC08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0A6D96ED-1BBD-460C-8C8A-C5A0ADF2E4A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 21-08-2017 13:26:28 Windows Update ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. 
After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: PCI Serial Port Description: PCI Serial Port Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (08/22/2017 07:49:48 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:48:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service COMODO Virtual Service Manager since OpenService API failed System Error: The specified service does not exist as an installed service. . Error: (08/22/2017 07:48:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. 
Details: AddWin32ServiceFiles: Unable to back up image of service COMODO Internet Security Helper Service since OpenService API failed System Error: The specified service does not exist as an installed service. . Error: (08/22/2017 07:48:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary COMODO Internet Security Eradication Driver. System Error: The system cannot find the file specified. . Error: (08/22/2017 07:41:57 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:39:45 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:38:14 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:35:35 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:34:03 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. 
hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {fd01dd13-c835-4678-be28-decdec00e60c} Error: (08/22/2017 07:00:50 AM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle System errors: ============= Error: (08/22/2017 08:12:19 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (08/22/2017 08:12:13 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the 
service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} CodeIntegrity: =================================== Date: 2017-08-22 07:41:44.075 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:36:38.694 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:03:51.689 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:02:40.048 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:02:40.044 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:00:48.647 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 06:55:33.601 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 06:53:46.981 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 06:36:11.267 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 05:57:49.634 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz Percentage of memory in use: 8% Total physical RAM: 20438.06 MB Available physical RAM: 18771.06 MB Total Virtual: 21718.06 MB Available Virtual: 20198.6 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.33 GB) (Free:110.45 GB) NTFS Drive d: (seagate) (Fixed) (Total:2794.39 GB) (Free:1853.41 GB) NTFS Drive e: (GRIMM) (CDROM) (Total:6.64 GB) (Free:0 GB) UDF Drive k: () (Removable) (Total:3.74 GB) (Free:3.56 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: ADC9667E) Partition: GPT. ======================================================== Disk: 1 (Size: 2794.5 GB) (Disk ID: 4C2B0944) Partition: GPT. ======================================================== Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================