Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by latou_000 (28-03-2018 12:37:57)
Running from C:\Users\latou_000\Desktop
Windows 8.1 Pro (Update) (X64) (2014-10-27 03:37:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3477242233-1307385565-363532214-500 - Administrator - Disabled)
Guest (S-1-5-21-3477242233-1307385565-363532214-501 - Limited - Disabled)
latou_000 (S-1-5-21-3477242233-1307385565-363532214-1003 - Administrator - Enabled) => C:\Users\latou_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {72946C16-4999-4F3F-9D81-2634F610F131} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)
Task: {93DD784C-9865-4E77-9F6D-4DCADE7BC5EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A1D0E68F-3FD3-455D-B7E0-EF79913AE982} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\latou_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Google Play Films et séries.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gdijeikdkaembjbdobgfkoidjkpbmlkd

==================== Loaded Modules (Whitelisted) ==============

2014-07-04 23:33 - 2014-07-04 23:33 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-25 09:24 - 2018-03-20 01:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-25 09:24 - 2018-03-20 01:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3477242233-1307385565-363532214-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\latou_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{638BEB8C-AFF0-4462-AA00-5E694D3D43BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD72B40C-DAD0-478E-810A-528A6D08CD1B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC06380F-7AAB-4376-A4CE-0DA9E7C89E1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81D1E497-A74C-4EF7-ABC3-5149E175A6A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A24367E-2651-453F-9EA3-6988B07B9A29}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EF2CA66B-8920-46F8-B174-78C9349EBC75}C:\users\marwa rmaih\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marwa rmaih\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D4DE50C0-D2BF-4810-BEAE-6406BE318203}C:\users\marwa rmaih\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marwa rmaih\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DD252D52-18BF-4B8C-8B6D-F98BB84AD9C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2253E3F-E6D1-4E59-8C08-F116785B174B}] => (Allow) LPort=1688

==================== Restore Points =========================

21-12-2016 23:34:58 Windows Update
25-03-2018 13:42:34 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2018 04:22:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: ea4
Start Time: 01d3c61183e09573
Termination Time: 4294967295
Application Path: C:\Windows\System32\WWAHost.exe
Report Id: f13d7525-3204-11e8-82a0-74d02bad3b8d
Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: Windows.Store

Error: (03/27/2018 04:22:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MARWA)
Description: Package winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store was terminated because it took too long to suspend.

Error: (03/27/2018 03:00:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Service_KMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
   at System.IO.File.InternalAppendAllText(System.String, System.String, System.Text.Encoding)
   at Service_KMS.Logging.FileLogger.LogMessage(System.String)
   at Service_KMS.Service.ScheduledTask()
   at Service_KMS.Service.TaskLoop()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (03/27/2018 03:00:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffce9de529f
Faulting process id: 0x5c8
Faulting application start time: 0x01d3c60637a9b922
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: 847ee466-31f9-11e8-829f-74d02bad3b8d
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2018 02:25:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (03/25/2018 03:05:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 11d0
Start Time: 01d3c47323a6f760
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: cddb2eea-3067-11e8-829e-74d02bad3b8d
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/25/2018 02:54:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 765968

Error: (03/25/2018 02:54:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 765968

System errors:
=============
Error: (03/27/2018 05:02:36 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/27/2018 03:02:31 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (03/27/2018 03:02:17 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (03/27/2018 03:01:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (03/27/2018 02:53:01 PM) (Source: DCOM) (EventID: 10010) (User: MARWA)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Error: (03/27/2018 02:53:01 PM) (Source: DCOM) (EventID: 10010) (User: MARWA)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Error: (03/27/2018 02:53:01 PM) (Source: DCOM) (EventID: 10010) (User: MARWA)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Error: (03/27/2018 02:53:01 PM) (Source: DCOM) (EventID: 10010) (User: MARWA)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2018-03-27 15:25:25.762
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\Windows\System32\Tasks\AutoPico Daily Restart;process:_pid:2352,ProcessStart:131666544376201422;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C55EBA9-27B9-48DB-A7EC-BDB1B5C703AA};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\KMSpico_is1;service:_Service KMSELDI;taskscheduler:_C:\Windows\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\KMSpico_is1
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\latou_000\AppData\Roaming\ZHP\ZHPCleaner.exe
Signature Version: AV: 1.263.1550.0, AS: 1.263.1550.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-03-27 15:03:31.412
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\Windows\System32\Tasks\AutoPico Daily Restart;process:_pid:2352,ProcessStart:131666544376201422;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C55EBA9-27B9-48DB-A7EC-BDB1B5C703AA};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\KMSpico_is1;service:_Service KMSELDI;taskscheduler:_C:\Windows\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\KMSpico_is1
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.263.1550.0, AS: 1.263.1550.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-03-27 15:01:04.107
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\Service_KMS.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.263.1550.0, AS: 1.263.1550.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-03-27 11:59:06.077
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\Windows\System32\Tasks\AutoPico Daily Restart;process:_pid:1520,ProcessStart:131664607536958637;process:_pid:2568,ProcessStart:131664607700792180;process:_pid:2580,ProcessStart:131665571420134844;process:_pid:4972,ProcessStart:131665967421971473;process:_pid:4976,ProcessStart:131665769425072226;process:_pid:5912,ProcessStart:131666435414891129;process:_pid:7624,ProcessStart:131665103413740376;process:_pid:8080,ProcessStart:131664905420406815;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C55EBA9-27B9-48DB-A7EC-BDB1B5C703AA};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\KMSpico_is1;service:_Service KMSELDI;taskscheduler:_C:\Windows\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOW
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files\KMSpico\AutoPico.exe
Signature Version: AV: 1.263.1550.0, AS: 1.263.1550.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-03-27 11:59:02.435
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\Windows\System32\Tasks\AutoPico Daily Restart;process:_pid:1520,ProcessStart:131664607536958637;process:_pid:2568,ProcessStart:131664607700792180;process:_pid:2580,ProcessStart:131665571420134844;process:_pid:4972,ProcessStart:131665967421971473;process:_pid:4976,ProcessStart:131665769425072226;process:_pid:7624,ProcessStart:131665103413740376;process:_pid:8080,ProcessStart:131664905420406815;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C55EBA9-27B9-48DB-A7EC-BDB1B5C703AA};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\KMSpico_is1;service:_Service KMSELDI;taskscheduler:_C:\Windows\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\KMSpico_is1
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\System32\taskeng.exe
Signature Version: AV: 1.263.1550.0, AS: 1.263.1550.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2016-12-26 20:07:50.292
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 116.65.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.12706.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2016-12-26 20:07:50.276
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.231.1816.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2016-12-26 20:07:50.276
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.231.1816.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2016-12-26 20:07:50.167
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.231.1816.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13202.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2016-12-26 20:05:33.351
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 116.65.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.12706.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================
Date: 2018-03-28 12:40:00.061
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-28 12:39:52.214
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-28 12:39:44.783
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-28 12:39:37.276
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-28 12:39:31.005
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-28 12:39:25.044
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-27 14:52:17.098
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-27 14:52:08.296
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD C-70 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3673.14 MB
Available physical RAM: 1752.96 MB
Total Virtual: 4313.14 MB
Available Virtual: 2395.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:78.87 GB) NTFS
Drive d: (PRETTY_LITTLE_LIARS_SEASON2_D1) (CDROM) (Total:7.74 GB) (Free:0 GB) UDF

\\?\Volume{3aa373f9-b57f-11e3-824c-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 47A3C11C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================