Mikey1 Posted September 13, 2017
Still not able to run MBar 1
Kevin, I was reading other reports on the forum and Aura seemed to have some success with the same problem but I can't find the post now, but it was exactly the same problems I am having and he managed to get it fixed running 2 fixlist? for the guy. Anything else you can do...
Mike
kevinf80 Posted September 13, 2017
Hiya Mike,
Yes, I've already fixed a few of these myself. The problem is the infection changes quite often, so the hidden rootkit and drivers change. The cmd within FRST to enable access to the recovery environment is also hitting a brick wall... apologies for dragging this out, it's a real PITA for sure... I'm going to go back over all of the logs and see what I'm missing...
Cheers,
Kevin...
Mikey1 Posted September 13, 2017
Thanks Kevin appreciate it. I have downloaded UVK to see if I can run antimalwarebytes from it. Just watched a video on YouTube by Britec.
Mikey1 Posted September 13, 2017
Thanks Kevin appreciate it. I have downloaded UVK to see if I can run antimalwarebytes from it. (that didn't work)
kevinf80 Posted September 13, 2017
Hiya Mike,
I've gone back over your thread and eventually found the driver that seems to be causing the problems, just need you to run the attached fix via FRST from the recovery environment... Use the System Repair Disc you created to access the RE and choose an option window, then do what you did in reply #69 to run the fix with FRST on your USB flashdrive.... Post the produced log, after that boot back to normal Windows and try MBAR...
Thanks,
Kevin
fixlist.txt
Mikey1 Posted September 14, 2017
So now when I boot from recovery USB I get the same screen with the options of command prompt, click on it, but when I put the drive letter of USB FRST is on it tells me it's not recognised. Also the USB my recover drive is plugged into says X:\ when it should be O:\
Mikey1 Posted September 14, 2017
Sorry Kevin, got in a bit of a pickle, anyway managed it at last, have attached the fixlog.txt
Fixlog.txt
Mikey1 Posted September 14, 2017
Have been trying MBAR and Chameleon but still saying The requested resource in use.
kevinf80 Posted September 14, 2017
Hiya Mike,
MBAR has been updated and should now run and remove the infection SmartService. Delete all versions of MBAR you have on your system. Download and run again from the following link, make sure to use settings shown in the instructions...
Thank you,
Kevin....
Mikey1 Posted September 14, 2017
Kevin, when I click scan I am still getting DDA driver could not load. Should I let it reboot?
kevinf80 Posted September 14, 2017
Yes please, MBAR has been updated to deal with the infection you have....
Mikey1 Posted September 14, 2017
On reboot it now says DDA driver not active, scan can't run
kevinf80 Posted September 14, 2017
Mmmm. I've just been informed that MBAR now deals with SmartService.... Did you uncheck Sectors and System from the Target settings....
Mikey1 Posted September 14, 2017
Yes I did that Kevin
kevinf80 Posted September 14, 2017
Hiya Mike,
I've PM'd the Admin guy regarding MBAR still failing to run, I'll get back to you when I get a response...
Kevin...
Mikey1 Posted September 14, 2017
OK Kevin thanks pal do you have any hair?
kevinf80 Posted September 14, 2017
Not much.... saves on haircuts...lol
Mikey1 Posted September 14, 2017
Haha we'll get tha b...ard in the end
kevinf80 Posted September 14, 2017
Hiya Mike.
Need some information to see what is stopping MBAR from running, can you open the MBAR folder and attach or copy/paste this log from last attempt to your reply:
system-log.txt
Also run FRST again and post two new logs....
Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt and Drivers MD5 under "Optional scan". Select scan, when done post the new logs, "FRST.txt" and "Addition.txt"
Thanks,
Kevin...
Mikey1 Posted September 14, 2017
Do I need to run FRST in recovery mode or doesn't it matter for this scan?
kevinf80 Posted September 14, 2017
Normal Windows will be ok.....
Mikey1 Posted September 14, 2017
Malwarebytes Anti-Rootkit BETA 1.10.1.1002
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.14393 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.1593.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 17136472064, free: 14792196096
Downloaded database version: v2017.09.13.03
Downloaded database version: v2017.09.13.04
Downloaded database version: v2017.09.13.05
Downloaded database version: v2017.09.13.06
Downloaded database version: v2017.09.13.07
Downloaded database version: v2017.09.13.08
Downloaded database version: v2017.09.13.09
Downloaded database version: v2017.09.13.10
Downloaded database version: v2017.09.14.01
Downloaded database version: v2017.09.14.02
Downloaded database version: v2017.09.14.03
Downloaded database version: v2017.09.14.04
Downloaded database version: v2017.09.14.05
Downloaded database version: v2017.09.14.06
Downloaded database version: v2017.09.14.07
Downloaded database version: v2017.09.13.01
=======================================
Initializing...
DDA Driver installation error. Driver installed on boot. Reboot required.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.1.1002
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.14393 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.1593.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 17136472064, free: 16050053120
=======================================
Initializing...
DDA Driver is not active. Scan can't continue
=======================================
Initializing...
DDA Driver is not active. Scan can't continue
=======================================
Initializing...
DDA Driver is not active. Scan can't continue
=======================================
Initializing...
DDA Driver is not active. Scan can't continue
=======================================
Mikey1 Posted September 14, 2017
It wouldn't let me just add the file so had to copy and paste
08:45 - 2017-09-06 12:31 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-09-07 08:45 - 2017-09-06 12:35 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd 2017-06-15 09:52 - 2017-09-06 12:34 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2017-06-15 09:52 - 2017-09-06 12:35 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-06-15 09:52 - 2017-09-06 12:29 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-06-15 09:52 - 2017-09-06 12:29 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2017-06-15 09:52 - 2017-09-06 12:29 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-06-15 09:52 - 2017-09-06 12:29 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 
2017-06-15 09:52 - 2017-09-06 12:35 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-06-15 09:52 - 2017-09-06 12:35 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-06-15 09:52 - 2017-09-06 12:34 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2017-06-15 09:52 - 2017-09-06 12:34 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-06-15 09:52 - 2017-09-06 12:35 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-06-15 09:52 - 2017-09-06 12:35 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-09-07 08:45 - 2017-09-06 12:31 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-06-15 09:52 - 2017-09-06 12:29 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2017-06-15 09:52 - 2017-09-06 12:35 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-09-07 08:45 - 2017-09-06 12:29 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-09-07 08:45 - 2017-09-06 12:31 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2017-09-07 08:45 - 2017-09-06 12:29 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2017-09-07 08:45 - 2017-09-06 12:31 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-06-15 09:52 - 2017-09-06 
12:34 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2017-09-07 08:45 - 2017-09-06 12:32 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-06-15 09:52 - 2017-09-06 12:35 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-06-15 09:52 - 2017-09-06 12:34 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2017-09-07 08:45 - 2017-09-06 12:32 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2017-04-26 19:07 - 2017-03-28 17:09 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll 2017-04-26 19:07 - 2017-05-10 13:19 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2016-07-16 13:47 - 2017-09-07 18:51 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Control Panel\Desktop\\Wallpaper -> f:\Data\Downloads\sandbanks air1.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\...\StartupApproved\Run: => "Advanced SystemCare 10"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================
12-09-2017 12:26:39 Advanced SystemCare 10 restore point
12-09-2017 12:35:43 IObit Malware Fighter 5 restore point

==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2017 06:31:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, Controlador no válido. . Operación: Ejecutando operación asincrónica Contexto: Estado actual: DoSnapshotSet

Error: (09/14/2017 06:30:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft. System Error: Acceso denegado. .

Error: (09/14/2017 03:33:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BLBF82Q)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2017 12:46:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft. System Error: Acceso denegado. .

Error: (09/14/2017 12:45:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft. System Error: Acceso denegado. .

Error: (09/13/2017 05:52:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, Controlador no válido. . Operación: Ejecutando operación asincrónica Contexto: Estado actual: DoSnapshotSet

Error: (09/13/2017 05:52:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft. System Error: Acceso denegado. .

Error: (09/13/2017 05:18:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.1532, time stamp: 0x5965adb0
Faulting module name: DUI70.dll, version: 10.0.14393.953, time stamp: 0x58ba59c6
Exception code: 0xc0000005
Fault offset: 0x000000000001e05b
Faulting process ID: 0x9ec
Faulting application start time: 0x01d32ca2f615dd25
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\DUI70.dll
Report ID: b84b5997-c6d5-4c74-872c-38b0205f2deb
Faulting package full name:
Faulting package-relative application ID:

Error: (09/13/2017 01:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmtmege.exe, version: 1.0.1.5, time stamp: 0x59991256
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process ID: 0x8c4
Faulting application start time: 0x01d32c80dc0d70f7
Faulting application path: C:\Users\Micke\AppData\Local\ntuserlitelist\vmaytuh\vmtmege.exe
Faulting module path: C:\Users\Micke\AppData\Local\ntuserlitelist\vmaytuh\libcef.dll
Report ID: bdac7c4e-30aa-403d-97bd-4193a0144e01
Faulting package full name:
Faulting package-relative application ID:

Error: (09/13/2017 11:28:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft. System Error: Acceso denegado. .

System errors:
=============
Error: (09/14/2017 06:57:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc1900107: Actualización de características a Windows 10, versión 1703.

Error: (09/14/2017 06:54:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Servicio de Windows Defender service failed to start due to the following error: The requested resource is in use.

Error: (09/14/2017 06:51:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: The requested resource is in use.

Error: (09/14/2017 06:50:12 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BLBF82Q)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/14/2017 06:50:12 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BLBF82Q)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/14/2017 06:50:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The específico de la aplicación permission settings do not grant Local Activación permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (con LRPC) running in the application container No disponible SID (No disponible). This security permission can be modified using the Component Services administrative tool.

Error: (09/14/2017 06:45:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The B331E1EE service failed to start due to the following error: Access is denied.

Error: (09/14/2017 06:07:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The específico de la aplicación permission settings do not grant Local Activación permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (con LRPC) running in the application container No disponible SID (No disponible). This security permission can be modified using the Component Services administrative tool.

Error: (09/14/2017 05:18:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc1900107: Actualización de características a Windows 10, versión 1703.

Error: (09/14/2017 05:13:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Servicio de Windows Defender service failed to start due to the following error: The requested resource is in use.

CodeIntegrity:
===================================
Date: 2017-09-05 12:00:16.367
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-01 12:58:44.409
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-28 09:52:04.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-24 12:31:27.051
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-24 12:31:27.049
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-24 12:29:16.257
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-24 12:29:16.255
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-24 12:23:39.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-24 12:23:39.937
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-24 12:21:19.686
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G2120 @ 3.10GHz
Percentage of memory in use: 13%
Total physical RAM: 16342.61 MB
Available physical RAM: 14205.02 MB
Total Virtual: 18774.61 MB
Available Virtual: 16629.02 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:138.94 GB) (Free:70.87 GB) NTFS
Drive d: (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:931.17 GB) (Free:834.21 GB) NTFS
Drive k: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive l: () (Fixed) (Total:297.99 GB) (Free:152.79 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 669C0FE5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4210153D)
Partition 1: (Active) - (Size=353 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: C870E7A5)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=138.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=84.1 GB) - (Type=05)

==================== End of Addition.txt ============================
kevinf80 Posted September 14, 2017 ID:1163641 Do you also have main log "FRST.txt"
Mikey1 Posted September 14, 2017 Author ID:1163642 I did send it Kevin, I will send again.