Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by sgfra (22-07-2017 08:51:21)
Running from C:\Users\sgfra\Desktop
Windows 10 Pro Version 1607 (X64) (2016-11-02 13:28:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2398247234-322909077-3554112957-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2398247234-322909077-3554112957-503 - Limited - Disabled)
Guest (S-1-5-21-2398247234-322909077-3554112957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2398247234-322909077-3554112957-1003 - Limited - Enabled)
sgfra (S-1-5-21-2398247234-322909077-3554112957-1001 - Administrator - Enabled) => C:\Users\sgfra
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Airflow (64-bit) 1.0.0-beta7 (HKLM\...\Airflow (64-bit)) (Version: 1.0.0-beta7 - InMethod, s.r.o.)
Any DVD Cloner Platinum 1.3.5 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version: - dvdsmith.com)
AOMEI PE Builder 1.5 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (64 bit) (HKLM\...\{CF0609C1-687B-4133-9AB9-D6DE00D20715}) (Version: 4.5.7.6389 - Canneverbe Limited)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iMyFone Umate 3.5.0.0 (HKLM-x32\...\{5284F901-9F62-4462-A0E6-2E4373A64454}_is1) (Version: 3.5.0.0 - Shenzhen iMyFone Technology Co., Ltd.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 2.0 - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Mozilla Firefox 54.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 en-US)) (Version: 52.2.1 - Mozilla)
PhotoFiltre (HKLM-x32\...\PhotoFiltre) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8090 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11207 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wisdom-soft ScreenHunter 4.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 4.0 Free) (Version: - Wisdom Software Inc.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers01: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers01: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> No File
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers01: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File
ContextMenuHandlers01: [JZContextMenuExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File
ContextMenuHandlers01: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File
ContextMenuHandlers01: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers01: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers01: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File
ContextMenuHandlers02: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers04: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File
ContextMenuHandlers04: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File
ContextMenuHandlers04: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers06: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers06: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File
ContextMenuHandlers06: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers06: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00C1D14B-5D42-4E13-9663-37A2CEB0F020} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01] (Adobe Systems Incorporated)
Task: {369B3F35-1132-4B21-9F97-6C3BEFC4F163} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {5B5F3FF6-16B0-47C0-B585-1DD31CDC73AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.)
Task: {5EF8CA43-25DE-4F65-9128-6A2224EA14C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {69ADD456-97DC-40D2-A3A7-97FD5187D3E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {6D30E43B-C488-4A2B-888C-EFD8ECAC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {7C77F0D1-6B83-47EF-B959-5613E91B8347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.)
Task: {7DD49B40-8BBC-4EB3-BA14-C69D4FD35843} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.)
Task: {96BB6AEE-7089-47AA-A8E9-DB15A96D45B8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.)
Task: {A57ED87D-7FF1-41E6-9609-92A55AE2F44F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {AB167AD5-9E96-47BD-B019-821D580D0875} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {AEB22F16-E881-4E56-ACFF-84A40B82934C} - System32\Tasks\{6149496B-2D6F-4DBD-B9D7-5587A08FFF57} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\sgfra\1 - Softs & Backups\mp3gain-win-full-1_2_5.exe" -d "C:\Users\sgfra\1 - Softs & Backups"
Task: {CE8D14B3-C655-40FE-9117-C13653B4ADAB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-03-29] (Realtek Semiconductor)
Task: {DC14A4FD-9996-4422-B417-88247865842A} - System32\Tasks\NameWist => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\NameWist\NameWist.dll",DvCAFRONSDT <==== ATTENTION
Task: {E5090C3B-C41D-434E-A3D9-777F10FB8DE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {F43C39A8-F9BA-47E5-8B91-E5B7A7E1FC84} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
Task: {FA92BFEE-6707-47EE-9407-F940D11FCC2B} - System32\Tasks\{033A28E5-8CD0-4F90-8CA3-09BB0430132F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\LocK-A-FoLdeR\lock-a-folder.exe" -d "C:\Program Files (x86)\LocK-A-FoLdeR"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 20:42 - 2016-07-16 20:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-17 16:11 - 2017-06-21 16:48 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-03 15:08 - 2016-11-03 15:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 17:28 - 2017-03-04 15:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 17:29 - 2017-03-04 15:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 17:29 - 2017-03-04 15:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 17:29 - 2017-03-04 15:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-17 16:10 - 2017-06-21 15:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-17 16:11 - 2017-06-21 15:35 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-17 16:11 - 2017-06-21 15:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 19:15 - 2017-03-13 19:16 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 19:15 - 2017-03-13 19:16 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 19:15 - 2017-03-13 19:16 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 19:15 - 2017-03-13 19:16 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-02 08:16 - 2017-03-02 08:18 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-03-02 08:16 - 2017-03-02 08:18 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-03-02 08:16 - 2017-03-02 08:18 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-10-31 13:34 - 2016-10-31 13:35 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-03-02 08:16 - 2017-03-02 08:18 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-03-02 08:16 - 2017-03-02 08:18 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-10-31 13:34 - 2016-10-31 13:35 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-07-01 07:34 - 2017-07-01 07:34 - 27688448 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll
2017-07-17 15:33 - 2017-07-13 04:58 - 00746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-17 15:33 - 2017-07-13 04:58 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-15 14:12 - 2017-07-13 04:58 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-11-12 08:16 - 2017-07-13 04:58 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-11-12 08:16 - 2017-07-13 05:01 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-15 14:12 - 2017-07-13 04:58 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-06 09:54 - 2017-07-13 04:58 - 00125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-11-12 08:16 - 2017-07-13 04:58 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 01862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-11-12 08:16 - 2017-07-13 04:58 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-17 15:33 - 2017-07-13 04:58 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-03 09:12 - 2017-07-13 05:01 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-12 08:16 - 2017-07-13 04:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-12 08:16 - 2017-07-13 04:58 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-12-03 09:12 - 2017-07-13 05:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-06 09:54 - 2017-07-13 04:58 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-17 15:33 - 2017-07-13 04:59 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-17 15:33 - 2017-07-13 04:59 - 00181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-03 09:12 - 2017-07-13 05:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-17 15:33 - 2017-07-13 04:59 - 01637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-06 09:54 - 2017-07-13 05:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-08 08:04 - 2017-07-13 05:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57113795.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57962598.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68547866.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97919990.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57113795.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57962598.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68547866.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97919990.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-06-21 09:33 - 2017-07-18 14:02 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sgfra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Backupper Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: WsAppService => 2
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ABNotify"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "Uninstall C:\Users\sgfra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "IDM trial reset"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_289B12D62CF9ABE84DF95C0011F8C4F2"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "HP ENVY 5640 series (NET)"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "uTorrent"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F5E80DF2-D039-420A-A600-FBD12F93F73F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{80B29D3A-73F6-4BDE-B61F-1B5DC6261D4D}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [UDP Query User{25600D76-E3DD-4541-90C2-BB77E4E76C93}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{61C272DE-D93C-4827-990D-238A07870F34}] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{C1615AE4-8FD9-4A10-9EFE-CB7AA5266824}] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{43B18A60-84F5-4CDF-9036-AE642882D634}] => (Allow) LPort=5357
FirewallRules: [{7E5D446B-34AF-40D3-91E5-F917B89F2B1E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6125E83F-37F9-494D-8C7C-2774D097C9DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7CE97B9B-D406-42DF-AC5E-402A74395857}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{384980C0-C6A7-4444-8F5E-85C7F4D7FC22}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0CE86DBA-FEB5-4AA0-8BAC-D5DA8EE46CA9}] => (Allow) LPort=5556
FirewallRules: [{56F1F316-5974-4BAC-B3C0-265EBB65B736}] => (Allow) LPort=5558
FirewallRules: [{A14BF05B-29C3-436C-9631-03748A2244B4}] => (Block) LPort=445
FirewallRules: [{A5AE6B2D-60B2-4695-9B51-93A974E8FFB8}] => (Block) LPort=445
FirewallRules: [{AF5E99A2-05E0-4B7B-A633-64998F347A87}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{042D67DD-D441-4460-95D2-F3AC37354FCD}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜癡略硥e
FirewallRules: [{CDEE8B6C-38E7-484D-9332-B84C8877C68A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B3A2637D-C0F1-49F1-B8F9-2361FC2C8E81}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{36D3F423-83AC-4003-B92B-637B49CE12E9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{31F3B451-4BE2-477A-BCDF-05CCC6340A66}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{D32E6FB1-D656-4102-A07F-B6E037EEEAA0}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6F58895-A31D-4EA9-9969-5F0529DD0FC3}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{93357EF3-11D9-4DAB-AC4B-E618DB4E2560}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{743C3B7C-C76F-4AD5-9A23-12297B1A1DC6}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E6E7CF9-910E-457A-B11A-B8FDE8BBB62B}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CFA645A3-616B-49EF-9525-BD04FC64E5B7}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AB04AF69-BB3F-4C34-99D9-26539C72C39A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8E4F8A3C-8727-48E7-A5FB-25571032DE04}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{92C70C98-5D0B-4474-AC84-CA47A0D938A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0941182-0A35-4F62-8FEF-A08500715115}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E53AD037-3034-441D-AB01-6EB337532D70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1255CE93-F7C5-4E64-88FE-089CD2853907}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{054D2C79-AA12-4FC5-A1E0-771789F824AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
20-07-2017 15:07:34 Sergio's 20 - 07
==================== Faulty Device Manager Devices =============
Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/22/2017 08:36:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BHAFNQH)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/22/2017 08:36:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1378, time stamp: 0x594a146b
Exception code: 0x00000004
Fault offset: 0x0000000000033c58
Faulting process id: 0xa80
Faulting application start time: 0x01d3027a2e1a9bd5
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 191dbec4-a7e9-4353-92f3-ab3efceef707
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (07/22/2017 08:35:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BHAFNQH)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/22/2017 08:35:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1378, time stamp: 0x594a146b
Exception code: 0x00000004
Fault offset: 0x0000000000033c58
Faulting process id: 0x1dcc
Faulting application start time: 0x01d3027a18d7b94d
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: cefd64a3-0489-43fc-a868-f92a7a8a2e4b
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (07/22/2017 08:35:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BHAFNQH)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/22/2017 08:35:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1378, time stamp: 0x594a146b
Exception code: 0x00000004
Fault offset: 0x0000000000033c58
Faulting process id: 0x18f8
Faulting application start time: 0x01d3027a120d6bc3
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: b7967abd-7e3b-430c-9858-c8df17be05ae
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (07/22/2017 07:46:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (07/20/2017 03:07:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (07/20/2017 06:59:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (07/19/2017 06:59:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 3.0.0.1068 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 165c
Start Time: 01d300729964f7f7
Termination Time: 4294967295
Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Report Id: f926dd59-6c68-11e7-befa-00231886fd86
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 08:05:57 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BHAFNQH)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.
Error: (07/22/2017 08:03:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error
Error: (07/22/2017 07:40:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error
Error: (07/22/2017 07:38:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 07:38:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdpcie service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/20/2017 03:08:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2017-07-22 07:49:46.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-19 18:47:08.304
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 19:18:40.792
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 13:58:44.271
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\sgfra\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-07-18 09:53:22.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-13 14:24:33.858
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-12 08:56:15.049
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-11 06:53:10.498
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-09 12:16:35.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-08 11:01:01.796
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 67%
Total physical RAM: 3824.42 MB
Available physical RAM: 1237.7 MB
Total Virtual: 7664.42 MB
Available Virtual: 4366.19 MB
==================== Drives ================================
Drive c: (TI105901W0D) (Fixed) (Total:117.77 GB) (Free:37.37 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: F4364A74)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=117.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by sgfra (22-07-2017 08:51:21)
Running from C:\Users\sgfra\Desktop
Windows 10 Pro Version 1607 (X64) (2016-11-02 13:28:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2398247234-322909077-3554112957-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2398247234-322909077-3554112957-503 - Limited - Disabled)
Guest (S-1-5-21-2398247234-322909077-3554112957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2398247234-322909077-3554112957-1003 - Limited - Enabled)
sgfra (S-1-5-21-2398247234-322909077-3554112957-1001 - Administrator - Enabled) => C:\Users\sgfra
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Airflow (64-bit) 1.0.0-beta7 (HKLM\...\Airflow (64-bit)) (Version: 1.0.0-beta7 - InMethod, s.r.o.)
Any DVD Cloner Platinum 1.3.5 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version: - dvdsmith.com)
AOMEI PE Builder 1.5 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (64 bit) (HKLM\...\{CF0609C1-687B-4133-9AB9-D6DE00D20715}) (Version: 4.5.7.6389 - Canneverbe Limited)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iMyFone Umate 3.5.0.0 (HKLM-x32\...\{5284F901-9F62-4462-A0E6-2E4373A64454}_is1) (Version: 3.5.0.0 - Shenzhen iMyFone Technology Co., Ltd.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 2.0 - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Mozilla Firefox 54.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 en-US)) (Version: 52.2.1 - Mozilla)
PhotoFiltre (HKLM-x32\...\PhotoFiltre) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8090 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11207 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wisdom-soft ScreenHunter 4.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 4.0 Free) (Version: - Wisdom Software Inc.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers01: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers01: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> No File
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers01: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File
ContextMenuHandlers01: [JZContextMenuExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File
ContextMenuHandlers01: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File
ContextMenuHandlers01: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers01: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers01: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File
ContextMenuHandlers02: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers04: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File
ContextMenuHandlers04: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File
ContextMenuHandlers04: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers06: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers06: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File
ContextMenuHandlers06: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers06: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00C1D14B-5D42-4E13-9663-37A2CEB0F020} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01] (Adobe Systems Incorporated)
Task: {369B3F35-1132-4B21-9F97-6C3BEFC4F163} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {5B5F3FF6-16B0-47C0-B585-1DD31CDC73AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.)
Task: {5EF8CA43-25DE-4F65-9128-6A2224EA14C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {69ADD456-97DC-40D2-A3A7-97FD5187D3E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {6D30E43B-C488-4A2B-888C-EFD8ECAC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {7C77F0D1-6B83-47EF-B959-5613E91B8347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.)
Task: {7DD49B40-8BBC-4EB3-BA14-C69D4FD35843} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.)
Task: {96BB6AEE-7089-47AA-A8E9-DB15A96D45B8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.)
Task: {A57ED87D-7FF1-41E6-9609-92A55AE2F44F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {AB167AD5-9E96-47BD-B019-821D580D0875} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {AEB22F16-E881-4E56-ACFF-84A40B82934C} - System32\Tasks\{6149496B-2D6F-4DBD-B9D7-5587A08FFF57} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\sgfra\1 - Softs & Backups\mp3gain-win-full-1_2_5.exe" -d "C:\Users\sgfra\1 - Softs & Backups"
Task: {CE8D14B3-C655-40FE-9117-C13653B4ADAB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-03-29] (Realtek Semiconductor)
Task: {DC14A4FD-9996-4422-B417-88247865842A} - System32\Tasks\NameWist => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\NameWist\NameWist.dll",DvCAFRONSDT <==== ATTENTION
Task: {E5090C3B-C41D-434E-A3D9-777F10FB8DE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {F43C39A8-F9BA-47E5-8B91-E5B7A7E1FC84} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
Task: {FA92BFEE-6707-47EE-9407-F940D11FCC2B} - System32\Tasks\{033A28E5-8CD0-4F90-8CA3-09BB0430132F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\LocK-A-FoLdeR\lock-a-folder.exe" -d "C:\Program Files (x86)\LocK-A-FoLdeR"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 20:42 - 2016-07-16 20:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-17 16:11 - 2017-06-21 16:48 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-03 15:08 - 2016-11-03 15:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 17:28 - 2017-03-04 15:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 17:29 - 2017-03-04 15:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 17:29 - 2017-03-04 15:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 17:29 - 2017-03-04 15:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-17 16:10 - 2017-06-21 15:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-17 16:11 - 2017-06-21 15:35 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-17 16:11 - 2017-06-21 15:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 19:15 - 2017-03-13 19:16 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 19:15 - 2017-03-13 19:16 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 19:15 - 2017-03-13 19:16 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 19:15 - 2017-03-13 19:16 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-02 08:16 - 2017-03-02 08:18 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-03-02 08:16 - 2017-03-02 08:18 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-03-02 08:16 - 2017-03-02 08:18 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-10-31 13:34 - 2016-10-31 13:35 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-03-02 08:16 - 2017-03-02 08:18 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-03-02 08:16 - 2017-03-02 08:18 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-10-31 13:34 - 2016-10-31 13:35 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-07-01 07:34 - 2017-07-01 07:34 - 27688448 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll
2017-07-17 15:33 - 2017-07-13 04:58 - 00746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-17 15:33 - 2017-07-13 04:58 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-15 14:12 - 2017-07-13 04:58 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-11-12 08:16 - 2017-07-13 04:58 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-11-12 08:16 - 2017-07-13 05:01 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-15 14:12 - 2017-07-13 04:58 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-06 09:54 - 2017-07-13 04:58 - 00125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-11-12 08:16 - 2017-07-13 04:58 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 01862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-11-12 08:16 - 2017-07-13 04:58 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-17 15:33 - 2017-07-13 04:58 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-03 09:12 - 2017-07-13 05:01 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-12 08:16 - 2017-07-13 04:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-12 08:16 - 2017-07-13 04:58 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-12-03 09:12 - 2017-07-13 04:58 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-12-03 09:12 - 2017-07-13 05:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-06 09:54 - 2017-07-13 04:58 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-06 09:54 - 2017-07-13 05:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-17 15:33 - 2017-07-13 04:59 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-17 15:33 - 2017-07-13 04:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-17 15:33 - 2017-07-13 04:59 - 00181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-03 09:12 - 2017-07-13 05:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-17 15:33 - 2017-07-13 04:59 - 00024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-17 15:33 - 2017-07-13 04:59 - 01637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-06 09:54 - 2017-07-13 05:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-08 08:04 - 2017-07-13 05:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-17 15:33 - 2017-07-13 05:00 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57113795.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57962598.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68547866.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97919990.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57113795.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57962598.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68547866.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97919990.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-06-21 09:33 - 2017-07-18 14:02 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sgfra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Backupper Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: WsAppService => 2
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ABNotify"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "Uninstall C:\Users\sgfra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "IDM trial reset"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_289B12D62CF9ABE84DF95C0011F8C4F2"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "HP ENVY 5640 series (NET)"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "uTorrent"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F5E80DF2-D039-420A-A600-FBD12F93F73F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{80B29D3A-73F6-4BDE-B61F-1B5DC6261D4D}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [UDP Query User{25600D76-E3DD-4541-90C2-BB77E4E76C93}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{61C272DE-D93C-4827-990D-238A07870F34}] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{C1615AE4-8FD9-4A10-9EFE-CB7AA5266824}] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{43B18A60-84F5-4CDF-9036-AE642882D634}] => (Allow) LPort=5357
FirewallRules: [{7E5D446B-34AF-40D3-91E5-F917B89F2B1E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6125E83F-37F9-494D-8C7C-2774D097C9DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7CE97B9B-D406-42DF-AC5E-402A74395857}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{384980C0-C6A7-4444-8F5E-85C7F4D7FC22}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0CE86DBA-FEB5-4AA0-8BAC-D5DA8EE46CA9}] => (Allow) LPort=5556
FirewallRules: [{56F1F316-5974-4BAC-B3C0-265EBB65B736}] => (Allow) LPort=5558
FirewallRules: [{A14BF05B-29C3-436C-9631-03748A2244B4}] => (Block) LPort=445
FirewallRules: [{A5AE6B2D-60B2-4695-9B51-93A974E8FFB8}] => (Block) LPort=445
FirewallRules: [{AF5E99A2-05E0-4B7B-A633-64998F347A87}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{042D67DD-D441-4460-95D2-F3AC37354FCD}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜癡略硥e
FirewallRules: [{CDEE8B6C-38E7-484D-9332-B84C8877C68A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B3A2637D-C0F1-49F1-B8F9-2361FC2C8E81}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{36D3F423-83AC-4003-B92B-637B49CE12E9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{31F3B451-4BE2-477A-BCDF-05CCC6340A66}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{D32E6FB1-D656-4102-A07F-B6E037EEEAA0}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6F58895-A31D-4EA9-9969-5F0529DD0FC3}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{93357EF3-11D9-4DAB-AC4B-E618DB4E2560}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{743C3B7C-C76F-4AD5-9A23-12297B1A1DC6}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E6E7CF9-910E-457A-B11A-B8FDE8BBB62B}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CFA645A3-616B-49EF-9525-BD04FC64E5B7}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AB04AF69-BB3F-4C34-99D9-26539C72C39A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8E4F8A3C-8727-48E7-A5FB-25571032DE04}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{92C70C98-5D0B-4474-AC84-CA47A0D938A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0941182-0A35-4F62-8FEF-A08500715115}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E53AD037-3034-441D-AB01-6EB337532D70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1255CE93-F7C5-4E64-88FE-089CD2853907}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{054D2C79-AA12-4FC5-A1E0-771789F824AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
20-07-2017 15:07:34 Sergio's 20 - 07
==================== Faulty Device Manager Devices =============
Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/22/2017 08:36:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BHAFNQH)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/22/2017 08:36:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1378, time stamp: 0x594a146b
Exception code: 0x00000004
Fault offset: 0x0000000000033c58
Faulting process id: 0xa80
Faulting application start time: 0x01d3027a2e1a9bd5
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 191dbec4-a7e9-4353-92f3-ab3efceef707
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (07/22/2017 08:35:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BHAFNQH)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/22/2017 08:35:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1378, time stamp: 0x594a146b
Exception code: 0x00000004
Fault offset: 0x0000000000033c58
Faulting process id: 0x1dcc
Faulting application start time: 0x01d3027a18d7b94d
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: cefd64a3-0489-43fc-a868-f92a7a8a2e4b
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (07/22/2017 08:35:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BHAFNQH)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/22/2017 08:35:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1378, time stamp: 0x594a146b
Exception code: 0x00000004
Fault offset: 0x0000000000033c58
Faulting process id: 0x18f8
Faulting application start time: 0x01d3027a120d6bc3
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: b7967abd-7e3b-430c-9858-c8df17be05ae
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (07/22/2017 07:46:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (07/20/2017 03:07:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (07/20/2017 06:59:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (07/19/2017 06:59:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 3.0.0.1068 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 165c
Start Time: 01d300729964f7f7
Termination Time: 4294967295
Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Report Id: f926dd59-6c68-11e7-befa-00231886fd86
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 08:05:57 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BHAFNQH)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.
Error: (07/22/2017 08:03:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error
Error: (07/22/2017 07:40:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error
Error: (07/22/2017 07:38:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/22/2017 07:38:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdpcie service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/20/2017 03:08:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2017-07-22 07:49:46.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-19 18:47:08.304
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 19:18:40.792
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-18 13:58:44.271
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\sgfra\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-07-18 09:53:22.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-13 14:24:33.858
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-12 08:56:15.049
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-11 06:53:10.498
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-09 12:16:35.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-07-08 11:01:01.796
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 67%
Total physical RAM: 3824.42 MB
Available physical RAM: 1237.7 MB
Total Virtual: 7664.42 MB
Available Virtual: 4366.19 MB
==================== Drives ================================
Drive c: (TI105901W0D) (Fixed) (Total:117.77 GB) (Free:37.37 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: F4364A74)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=117.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================