Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2017 01
Ran by sgfra (20-06-2017 09:47:13)
Running from C:\Users\sgfra\Desktop
Windows 10 Pro Version 1607 (X64) (2016-11-02 13:28:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2398247234-322909077-3554112957-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-2398247234-322909077-3554112957-503 - Limited - Disabled)
Guest (S-1-5-21-2398247234-322909077-3554112957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2398247234-322909077-3554112957-1003 - Limited - Enabled)
sgfra (S-1-5-21-2398247234-322909077-3554112957-1001 - Administrator - Enabled) => C:\Users\sgfra

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Airflow (64-bit) 1.0.0-beta7 (HKLM\...\Airflow (64-bit)) (Version: 1.0.0-beta7 - InMethod, s.r.o.)
Any DVD Cloner Platinum 1.3.5 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version: - dvdsmith.com)
AOMEI PE Builder 1.5 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform) CDBurnerXP (64 bit) (HKLM\...\{CF0609C1-687B-4133-9AB9-D6DE00D20715}) (Version: 4.5.7.6389 - Canneverbe Limited) Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft) CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World) Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit) Dropbox (HKLM-x32\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.) 
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 2.0 - ) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft 
Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft) Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft) Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft) Mozilla Firefox 54.0 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0 (x64 en-US)) (Version: 54.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla) Mozilla Thunderbird 52.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 
(x86 en-US)) (Version: 52.1.1 - Mozilla) PhotoFiltre (HKLM-x32\...\PhotoFiltre) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8090 - Realtek Semiconductor Corp.) Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11207 - Realtek Semiconductor Corp.) Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John) Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.) SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC) Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Wisdom-soft ScreenHunter 4.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 4.0 Free) (Version: - Wisdom Software Inc.) ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {00876289-58F7-4155-906D-FEE5F1FE1449} - \Driver Robot -> No File <==== ATTENTION Task: {00C1D14B-5D42-4E13-9663-37A2CEB0F020} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-16] (Adobe Systems Incorporated) Task: {232D48AA-192D-457B-A7E5-79215180B3FE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {369B3F35-1132-4B21-9F97-6C3BEFC4F163} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation) Task: {5B5F3FF6-16B0-47C0-B585-1DD31CDC73AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.) Task: {5EF8CA43-25DE-4F65-9128-6A2224EA14C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation) Task: {69ADD456-97DC-40D2-A3A7-97FD5187D3E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) Task: {6D30E43B-C488-4A2B-888C-EFD8ECAC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd) Task: {7C77F0D1-6B83-47EF-B959-5613E91B8347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.) Task: {7DD49B40-8BBC-4EB3-BA14-C69D4FD35843} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.) 
Task: {8C31723D-314F-4E18-A9E2-A5A143F7337A} - \Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic -> No File <==== ATTENTION Task: {96BB6AEE-7089-47AA-A8E9-DB15A96D45B8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.) Task: {A57ED87D-7FF1-41E6-9609-92A55AE2F44F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation) Task: {AEB22F16-E881-4E56-ACFF-84A40B82934C} - System32\Tasks\{6149496B-2D6F-4DBD-B9D7-5587A08FFF57} => pcalua.exe -a "C:\Users\sgfra\1 - Softs & Backups\mp3gain-win-full-1_2_5.exe" -d "C:\Users\sgfra\1 - Softs & Backups" Task: {CE8D14B3-C655-40FE-9117-C13653B4ADAB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-03-29] (Realtek Semiconductor) Task: {E5090C3B-C41D-434E-A3D9-777F10FB8DE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> hxxps://launchpage.org/?uid=oTlKGKjdhx1sXu9WsoYn%2BrpWc5o8l8blIijs6ImBj3wt%2FmM41cDo3Sv7MTRoca8rKQ%3D%3D ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 20:42 - 2016-07-16 20:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-06-14 18:24 - 2017-06-03 19:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-11-03 15:08 - 2016-11-03 15:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 17:28 - 2017-03-04 15:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-15 17:29 - 2017-03-04 15:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 17:29 - 2017-03-04 15:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-15 17:29 - 2017-03-04 15:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-06-14 18:24 - 2017-06-03 17:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-06-14 18:24 - 2017-06-03 17:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-06-14 18:24 - 2017-06-03 17:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-03-13 19:15 - 2017-03-13 19:16 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-03-13 19:15 - 2017-03-13 19:16 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-03-13 19:15 - 2017-03-13 
19:16 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-03-13 19:15 - 2017-03-13 19:16 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll 2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2017-06-15 14:12 - 2017-06-12 20:52 - 00775488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2017-06-15 14:12 - 2017-06-12 20:52 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll 2017-06-15 14:12 - 2017-06-12 20:52 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-11-12 08:16 - 2017-06-12 20:52 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-11-12 08:16 - 2017-06-12 20:54 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2017-06-15 14:12 - 2017-06-12 20:52 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-06-06 09:54 - 2017-06-12 20:52 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-11-12 08:16 - 2017-06-12 20:52 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-06-15 14:12 - 2017-06-12 20:52 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2017-06-15 14:12 - 2017-06-12 20:52 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2017-06-15 14:12 - 2017-06-12 20:52 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 
2016-11-12 08:16 - 2017-06-12 20:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2017-06-15 14:12 - 2017-06-12 20:52 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2017-06-15 14:12 - 2017-06-12 20:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-12-03 09:12 - 2017-06-12 20:54 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-11-12 08:16 - 2017-06-12 20:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00024016 _____ () C:\Program 
Files (x86)\Dropbox\Client\win32profile.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-11-12 08:16 - 2017-06-12 20:52 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-12-03 09:12 - 2017-06-12 20:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-12-03 09:12 - 2017-06-12 
20:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2016-12-03 09:12 - 2017-06-12 20:55 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-06-06 09:54 - 2017-06-12 20:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2017-06-06 09:54 - 2017-06-12 20:55 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-06-15 14:12 - 2017-06-12 20:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-06-15 14:12 - 2017-06-12 20:54 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2017-06-15 14:12 - 2017-06-12 20:52 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2017-06-15 14:12 - 2017-06-12 20:54 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-12-03 09:12 - 2017-06-12 20:54 - 00030536 _____ () C:\Program Files 
(x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-06-15 14:12 - 2017-06-12 20:52 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2017-06-15 14:12 - 2017-06-12 20:52 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-06-06 09:54 - 2017-06-12 20:55 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-04-08 08:04 - 2017-06-12 20:54 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2017-06-15 14:12 - 2017-06-12 20:54 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2017-06-07 15:26 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2017-06-07 15:26 - 2014-02-15 11:48 - 00295936 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:15D5AA51 [370] AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57962598.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68547866.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\E8D1A099.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57962598.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68547866.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\E8D1A099.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 6091 more sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2398247234-322909077-3554112957-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sgfra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: Backupper Service => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: DbxSvc => 2 MSCONFIG\Services: DigitalWave.Update.Service => 2 MSCONFIG\Services: EaseUS Agent => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LiveUpdateSvc => 2 MSCONFIG\Services: MBAMService => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SynTPEnhService => 2 MSCONFIG\Services: WsAppService => 2 HKLM\...\StartupApproved\Run: => "Classic Start Menu" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "ABNotify" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GUDelayStartup" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "Uninstall
C:\Users\sgfra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_289B12D62CF9ABE84DF95C0011F8C4F2"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "HP ENVY 5640 series (NET)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F5E80DF2-D039-420A-A600-FBD12F93F73F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{80B29D3A-73F6-4BDE-B61F-1B5DC6261D4D}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [UDP Query User{25600D76-E3DD-4541-90C2-BB77E4E76C93}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{61C272DE-D93C-4827-990D-238A07870F34}] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{C1615AE4-8FD9-4A10-9EFE-CB7AA5266824}] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{43B18A60-84F5-4CDF-9036-AE642882D634}] => (Allow) LPort=5357
FirewallRules: [{7E5D446B-34AF-40D3-91E5-F917B89F2B1E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6125E83F-37F9-494D-8C7C-2774D097C9DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7CE97B9B-D406-42DF-AC5E-402A74395857}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{384980C0-C6A7-4444-8F5E-85C7F4D7FC22}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0CE86DBA-FEB5-4AA0-8BAC-D5DA8EE46CA9}] => (Allow) LPort=5556
FirewallRules: [{56F1F316-5974-4BAC-B3C0-265EBB65B736}] => (Allow) LPort=5558
FirewallRules: [{E6DD9401-A152-4888-90BE-F714B2EFD14C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{D6FBDD2E-2A51-46B9-9871-F97331D8D4E9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{9C663083-724F-42F3-993A-620A16CDACB1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{99F8850B-E55E-4065-9810-C80D35325308}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{2C1FFADA-FCCE-4E98-8396-2066282A4009}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{709DF017-772B-4A7A-B51E-5847B62AC3D8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{A14BF05B-29C3-436C-9631-03748A2244B4}] => (Block) LPort=445
FirewallRules: [{A5AE6B2D-60B2-4695-9B51-93A974E8FFB8}] => (Block) LPort=445
FirewallRules: [{AF5E99A2-05E0-4B7B-A633-64998F347A87}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{042D67DD-D441-4460-95D2-F3AC37354FCD}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
FirewallRules: [{7B1D825D-CBEE-4BD7-AAF6-1123EB09F151}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CDEE8B6C-38E7-484D-9332-B84C8877C68A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B3A2637D-C0F1-49F1-B8F9-2361FC2C8E81}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{456CA652-BFD9-43C6-BD4E-66E296E12D0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72B1C2E0-9FEE-4006-A6C4-492AE7535152}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1D105BCB-EB9F-488A-9C2C-18858EBBDE7F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5606023-E2C0-4758-AE6F-4EBD674C8559}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{325219ED-D4DF-4278-9918-8A638C94DD4A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C37D6777-9581-4C28-8DCC-20FDB9CFE431}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

19-06-2017 16:54:23 Sergio's

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2017 04:54:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied.
.

Error: (06/19/2017 04:54:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary E8D1A099.
System Error: The system cannot find the file specified.
.

Error: (06/19/2017 04:15:32 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (06/19/2017 03:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_6.047.exe, version: 6.0.4.7, time stamp: 0x591e43a6
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc00000fd
Fault offset: 0x00045b48
Faulting process id: 0x1454
Faulting application start time: 0x01d2e8c74493f29b
Faulting application path: C:\Users\sgfra\Desktop\VIRUS & CO\adwcleaner_6.047.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 64dec720-04ec-4b3d-b084-aa3c39064d82
Faulting package full name:
Faulting package-relative application ID:

Error: (06/19/2017 03:41:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_6.047.exe, version: 6.0.4.7, time stamp: 0x591e43a6
Faulting module name: adwcleaner_6.047.exe, version: 6.0.4.7, time stamp: 0x591e43a6
Exception code: 0xc00000fd
Fault offset: 0x00031ae7
Faulting process id: 0x20
Faulting application start time: 0x01d2e8c32eee6390
Faulting application path: C:\Users\sgfra\Desktop\VIRUS & CO\adwcleaner_6.047.exe
Faulting module path: C:\Users\sgfra\Desktop\VIRUS & CO\adwcleaner_6.047.exe
Report Id: 9cf668f4-04b3-4907-8074-ee2169c07e4a
Faulting package full name:
Faulting package-relative application ID:

Error: (06/19/2017 03:03:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied.
.

Error: (06/19/2017 03:03:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary E8D1A099.
System Error: The system cannot find the file specified.
.

Error: (06/19/2017 02:55:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 11.6.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 23a8
Start Time: 01d2e8c08369fbf9
Termination Time: 6
Application Path: C:\Users\sgfra\Desktop\VIRUS & CO\FRST64.exe
Report Id: e07d91ec-54b3-11e7-bebc-00231886fd86
Faulting package full name:
Faulting package-relative application ID:

Error: (06/19/2017 02:43:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 54.0.0.6368, time stamp: 0x59399fe2
Faulting module name: xul.dll, version: 54.0.0.6368, time stamp: 0x5939a40d
Exception code: 0x80000003
Fault offset: 0x00000000004acb94
Faulting process id: 0x420
Faulting application start time: 0x01d2e8be9ccf1a1f
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll
Report Id: a73126f8-f0f3-4ccc-9f25-ceefd1e97f4b
Faulting package full name:
Faulting package-relative application ID:

Error: (06/19/2017 02:39:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied.
.

System errors:
=============
Error: (06/20/2017 09:43:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error

Error: (06/20/2017 09:41:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/20/2017 09:41:36 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/20/2017 09:41:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/20/2017 09:41:34 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/19/2017 07:12:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2017 05:41:43 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/19/2017 05:39:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error

Error: (06/19/2017 05:37:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2017 05:37:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

CodeIntegrity:
===================================
Date: 2017-06-19 06:20:33.993
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-18 08:39:34.407
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-17 07:36:04.451
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-14 18:26:00.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-13 18:16:55.688
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-13 09:03:42.982
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-12 16:40:09.365
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-11 10:26:35.038
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-08 10:22:09.585
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\sgfra\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-08 10:22:09.584
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\sgfra\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 52%
Total physical RAM: 3824.42 MB
Available physical RAM: 1806.37 MB
Total Virtual: 7664.42 MB
Available Virtual: 5619.08 MB

==================== Drives ================================

Drive c: (TI105901W0D) (Fixed) (Total:117.33 GB) (Free:54.97 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: F4364A74)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=117.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================