Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017 Ran by sgfra (22-07-2017 08:51:21) Running from C:\Users\sgfra\Desktop Windows 10 Pro Version 1607 (X64) (2016-11-02 13:28:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2398247234-322909077-3554112957-500 - Administrator - Enabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-2398247234-322909077-3554112957-503 - Limited - Disabled) Guest (S-1-5-21-2398247234-322909077-3554112957-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2398247234-322909077-3554112957-1003 - Limited - Enabled) sgfra (S-1-5-21-2398247234-322909077-3554112957-1001 - Administrator - Enabled) => C:\Users\sgfra ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) Airflow (64-bit) 1.0.0-beta7 (HKLM\...\Airflow (64-bit)) (Version: 1.0.0-beta7 - InMethod, s.r.o.) Any DVD Cloner Platinum 1.3.5 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version: - dvdsmith.com) AOMEI PE Builder 1.5 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.) Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform) CDBurnerXP (64 bit) (HKLM\...\{CF0609C1-687B-4133-9AB9-D6DE00D20715}) (Version: 4.5.7.6389 - Canneverbe Limited) Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft) Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard) iMyFone Umate 3.5.0.0 (HKLM-x32\...\{5284F901-9F62-4462-A0E6-2E4373A64454}_is1) (Version: 3.5.0.0 - Shenzhen iMyFone Technology Co., Ltd.) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.) LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 2.0 - ) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft) Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft) Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft) Mozilla Firefox 54.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla) Mozilla Thunderbird 52.2.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 en-US)) (Version: 52.2.1 - Mozilla) PhotoFiltre (HKLM-x32\...\PhotoFiltre) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8090 - Realtek Semiconductor Corp.) Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11207 - Realtek Semiconductor Corp.) Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John) Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.) SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC) Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated) Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Wisdom-soft ScreenHunter 4.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 4.0 Free) (Version: - Wisdom Software Inc.) ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-13] (Dropbox, Inc.) ContextMenuHandlers01: [Advanced SystemCare] -> [CC]{2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File ContextMenuHandlers01: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> No File ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ContextMenuHandlers01: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File ContextMenuHandlers01: [JZContextMenuExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File ContextMenuHandlers01: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File ContextMenuHandlers01: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File ContextMenuHandlers01: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File ContextMenuHandlers01: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ContextMenuHandlers02: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File ContextMenuHandlers02: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers03: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ContextMenuHandlers04: [JsZipShlExt] -> {5C551008-A347-4DB3-AF48-014076FD2B46} => -> No File ContextMenuHandlers04: [SimpleShlExt] -> [CC]{45203D3B-3D73-4497-8AFE-D29950AC6C55} => -> No File ContextMenuHandlers04: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-13] (Dropbox, Inc.) ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation) ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers06: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft) ContextMenuHandlers06: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File ContextMenuHandlers06: [UnlockerShellExtension] -> [CC]{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => -> No File ContextMenuHandlers06: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File ContextMenuHandlers06: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00C1D14B-5D42-4E13-9663-37A2CEB0F020} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01] (Adobe Systems Incorporated) Task: {369B3F35-1132-4B21-9F97-6C3BEFC4F163} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation) Task: {5B5F3FF6-16B0-47C0-B585-1DD31CDC73AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.) Task: {5EF8CA43-25DE-4F65-9128-6A2224EA14C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation) Task: {69ADD456-97DC-40D2-A3A7-97FD5187D3E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) Task: {6D30E43B-C488-4A2B-888C-EFD8ECAC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd) Task: {7C77F0D1-6B83-47EF-B959-5613E91B8347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.) Task: {7DD49B40-8BBC-4EB3-BA14-C69D4FD35843} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.) Task: {96BB6AEE-7089-47AA-A8E9-DB15A96D45B8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.) Task: {A57ED87D-7FF1-41E6-9609-92A55AE2F44F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation) Task: {AB167AD5-9E96-47BD-B019-821D580D0875} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {AEB22F16-E881-4E56-ACFF-84A40B82934C} - System32\Tasks\{6149496B-2D6F-4DBD-B9D7-5587A08FFF57} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\sgfra\1 - Softs & Backups\mp3gain-win-full-1_2_5.exe" -d "C:\Users\sgfra\1 - Softs & Backups" Task: {CE8D14B3-C655-40FE-9117-C13653B4ADAB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-03-29] (Realtek Semiconductor) Task: {DC14A4FD-9996-4422-B417-88247865842A} - System32\Tasks\NameWist => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\NameWist\NameWist.dll",DvCAFRONSDT <==== ATTENTION Task: {E5090C3B-C41D-434E-A3D9-777F10FB8DE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation) Task: {F43C39A8-F9BA-47E5-8B91-E5B7A7E1FC84} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION Task: {FA92BFEE-6707-47EE-9407-F940D11FCC2B} - System32\Tasks\{033A28E5-8CD0-4F90-8CA3-09BB0430132F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\LocK-A-FoLdeR\lock-a-folder.exe" -d "C:\Program Files (x86)\LocK-A-FoLdeR" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 20:42 - 2016-07-16 20:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-07-17 16:11 - 2017-06-21 16:48 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-11-03 15:08 - 2016-11-03 15:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 17:28 - 2017-03-04 15:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-15 17:29 - 2017-03-04 15:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 17:29 - 2017-03-04 15:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-15 17:29 - 2017-03-04 15:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-07-17 16:10 - 2017-06-21 15:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-07-17 16:11 - 2017-06-21 15:35 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-07-17 16:11 - 2017-06-21 15:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-03-13 19:15 - 2017-03-13 19:16 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-03-13 19:15 - 2017-03-13 19:16 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-03-13 19:15 - 2017-03-13 19:16 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-03-13 19:15 - 2017-03-13 19:16 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll 2017-03-02 08:16 - 2017-03-02 08:18 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-03-02 08:16 - 2017-03-02 08:18 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-03-02 08:16 - 2017-03-02 08:18 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2016-10-31 13:34 - 2016-10-31 13:35 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-03-02 08:16 - 2017-03-02 08:18 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-03-02 08:16 - 2017-03-02 08:18 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-10-31 13:34 - 2016-10-31 13:35 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2017-07-01 07:34 - 2017-07-01 07:34 - 27688448 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll 2017-07-17 15:33 - 2017-07-13 04:58 - 00746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2017-07-17 15:33 - 2017-07-13 04:58 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll 2017-06-15 14:12 - 2017-07-13 04:58 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-11-12 08:16 - 2017-07-13 04:58 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-11-12 08:16 - 2017-07-13 05:01 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2017-06-15 14:12 - 2017-07-13 04:58 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-06-06 09:54 - 2017-07-13 04:58 - 00125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-11-12 08:16 - 2017-07-13 04:58 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 01862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-07-17 15:33 - 2017-07-13 04:58 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2017-07-17 15:33 - 2017-07-13 04:58 - 00020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2017-07-17 15:33 - 2017-07-13 04:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-11-12 08:16 - 2017-07-13 04:58 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 00062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 00040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2017-07-17 15:33 - 2017-07-13 04:58 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2017-07-17 15:33 - 2017-07-13 04:58 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-12-03 09:12 - 2017-07-13 05:01 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-11-12 08:16 - 2017-07-13 04:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-11-12 08:16 - 2017-07-13 04:58 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-12-03 09:12 - 2017-07-13 04:58 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2016-12-03 09:12 - 2017-07-13 05:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-06-06 09:54 - 2017-07-13 04:58 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2017-06-06 09:54 - 2017-07-13 05:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-07-17 15:33 - 2017-07-13 04:58 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-07-17 15:33 - 2017-07-13 04:59 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2017-07-17 15:33 - 2017-07-13 04:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2017-07-17 15:33 - 2017-07-13 04:59 - 00181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-12-03 09:12 - 2017-07-13 05:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-07-17 15:33 - 2017-07-13 04:59 - 00024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2017-07-17 15:33 - 2017-07-13 04:59 - 01637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-06-06 09:54 - 2017-07-13 05:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-04-08 08:04 - 2017-07-13 05:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2017-07-17 15:33 - 2017-07-13 05:00 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57113795.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57962598.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68547866.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97919990.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57113795.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57962598.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68547866.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97919990.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1001movie.com -> 1001movie.com There are 6091 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-06-21 09:33 - 2017-07-18 14:02 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2398247234-322909077-3554112957-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sgfra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: Backupper Service => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: DbxSvc => 2 MSCONFIG\Services: DigitalWave.Update.Service => 2 MSCONFIG\Services: EaseUS Agent => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LiveUpdateSvc => 2 MSCONFIG\Services: MBAMService => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SynTPEnhService => 2 MSCONFIG\Services: WsAppService => 2 HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "ABNotify" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GUDelayStartup" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "Uninstall C:\Users\sgfra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "IDM trial reset" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_289B12D62CF9ABE84DF95C0011F8C4F2" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "HP ENVY 5640 series (NET)" HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "uTorrent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F5E80DF2-D039-420A-A600-FBD12F93F73F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{80B29D3A-73F6-4BDE-B61F-1B5DC6261D4D}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe FirewallRules: [UDP Query User{25600D76-E3DD-4541-90C2-BB77E4E76C93}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe FirewallRules: [{61C272DE-D93C-4827-990D-238A07870F34}] => (Allow) C:\program files\airflow\airflow.exe FirewallRules: [{C1615AE4-8FD9-4A10-9EFE-CB7AA5266824}] => (Allow) C:\program files\airflow\airflow.exe FirewallRules: [{43B18A60-84F5-4CDF-9036-AE642882D634}] => (Allow) LPort=5357 FirewallRules: [{7E5D446B-34AF-40D3-91E5-F917B89F2B1E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{6125E83F-37F9-494D-8C7C-2774D097C9DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{7CE97B9B-D406-42DF-AC5E-402A74395857}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{384980C0-C6A7-4444-8F5E-85C7F4D7FC22}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{0CE86DBA-FEB5-4AA0-8BAC-D5DA8EE46CA9}] => (Allow) LPort=5556 FirewallRules: [{56F1F316-5974-4BAC-B3C0-265EBB65B736}] => (Allow) LPort=5558 FirewallRules: [{A14BF05B-29C3-436C-9631-03748A2244B4}] => (Block) LPort=445 FirewallRules: [{A5AE6B2D-60B2-4695-9B51-93A974E8FFB8}] => (Block) LPort=445 FirewallRules: [{AF5E99A2-05E0-4B7B-A633-64998F347A87}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜湳攮數 FirewallRules: [{042D67DD-D441-4460-95D2-F3AC37354FCD}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e FirewallRules: [{CDEE8B6C-38E7-484D-9332-B84C8877C68A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{B3A2637D-C0F1-49F1-B8F9-2361FC2C8E81}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{36D3F423-83AC-4003-B92B-637B49CE12E9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{31F3B451-4BE2-477A-BCDF-05CCC6340A66}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{D32E6FB1-D656-4102-A07F-B6E037EEEAA0}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A6F58895-A31D-4EA9-9969-5F0529DD0FC3}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{93357EF3-11D9-4DAB-AC4B-E618DB4E2560}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{743C3B7C-C76F-4AD5-9A23-12297B1A1DC6}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3E6E7CF9-910E-457A-B11A-B8FDE8BBB62B}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CFA645A3-616B-49EF-9525-BD04FC64E5B7}] => (Allow) C:\Users\sgfra\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{AB04AF69-BB3F-4C34-99D9-26539C72C39A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8E4F8A3C-8727-48E7-A5FB-25571032DE04}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{92C70C98-5D0B-4474-AC84-CA47A0D938A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C0941182-0A35-4F62-8FEF-A08500715115}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E53AD037-3034-441D-AB01-6EB337532D70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1255CE93-F7C5-4E64-88FE-089CD2853907}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{054D2C79-AA12-4FC5-A1E0-771789F824AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 20-07-2017 15:07:34 Sergio's 20 - 07 ==================== Faulty Device Manager Devices ============= Name: Fingerprint Sensor Description: Fingerprint Sensor Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2017 08:36:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BHAFNQH) Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/22/2017 08:36:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1 Faulting module name: KERNELBASE.dll, version: 10.0.14393.1378, time stamp: 0x594a146b Exception code: 0x00000004 Fault offset: 0x0000000000033c58 Faulting process id: 0xa80 Faulting application start time: 0x01d3027a2e1a9bd5 Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 191dbec4-a7e9-4353-92f3-ab3efceef707 Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Error: (07/22/2017 08:35:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BHAFNQH) Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/22/2017 08:35:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1 Faulting module name: KERNELBASE.dll, version: 10.0.14393.1378, time stamp: 0x594a146b Exception code: 0x00000004 Fault offset: 0x0000000000033c58 Faulting process id: 0x1dcc Faulting application start time: 0x01d3027a18d7b94d Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: cefd64a3-0489-43fc-a868-f92a7a8a2e4b Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Error: (07/22/2017 08:35:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BHAFNQH) Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/22/2017 08:35:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1 Faulting module name: KERNELBASE.dll, version: 10.0.14393.1378, time stamp: 0x594a146b Exception code: 0x00000004 Fault offset: 0x0000000000033c58 Faulting process id: 0x18f8 Faulting application start time: 0x01d3027a120d6bc3 Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: b7967abd-7e3b-430c-9858-c8df17be05ae Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Error: (07/22/2017 07:46:30 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest. Error: (07/20/2017 03:07:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (07/20/2017 06:59:04 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest. Error: (07/19/2017 06:59:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mbam.exe version 3.0.0.1068 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 165c Start Time: 01d300729964f7f7 Termination Time: 4294967295 Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Report Id: f926dd59-6c68-11e7-befa-00231886fd86 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/22/2017 08:50:18 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BHAFNQH) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user DESKTOP-BHAFNQH\sgfra SID (S-1-5-21-2398247234-322909077-3554112957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/22/2017 08:05:57 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BHAFNQH) Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout. Error: (07/22/2017 08:03:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error Error: (07/22/2017 07:40:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error Error: (07/22/2017 07:38:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/22/2017 07:38:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (07/20/2017 03:08:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-07-22 07:49:46.778 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-19 18:47:08.304 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-18 19:18:40.792 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-18 13:58:44.271 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\sgfra\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-07-18 09:53:22.634 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-13 14:24:33.858 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-12 08:56:15.049 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-11 06:53:10.498 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-09 12:16:35.634 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-08 11:01:01.796 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz Percentage of memory in use: 67% Total physical RAM: 3824.42 MB Available physical RAM: 1237.7 MB Total Virtual: 7664.42 MB Available Virtual: 4366.19 MB ==================== Drives ================================ Drive c: (TI105901W0D) (Fixed) (Total:117.77 GB) (Free:37.37 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: F4364A74) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=117.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================