Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cryptsp.dll is either not designed to run on Windows or it contains an error.


  • Please log in to reply
20 replies to this topic

#1 CHENGLIN WANG

CHENGLIN WANG

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 07 November 2015 - 10:43 PM

​I keep getting this error message when I try to open google and most of the software I have on my laptop. I have tried all methods trying to solve this kind of error online, but none of them seem to work. Now I cannot install any software due to this error, and all the anti-virus software cannot detect any virus. I cannot reset my laptop or refresh my laptop. I clicked on them and after restart, it goes into Windows 10 directly and does no resetting work. I bought this ASUS laptop about 2 month ago with Windows 8.1 as default system. I got this error around 2 weeks ago, and the morning I found this happening, my Facebook account was hacked.

Our campus security team helped me. He used a lot of diagnosing tools but none of them work since this bad image error kept appearing. Please help!

 

Thank you

Chenglin

Attached Files



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 07 November 2015 - 10:55 PM

Hi CHENGLIN WANG :)

My name is Aura and I'll be assisting you with your issue, follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      B8oLpa3.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 CHENGLIN WANG

CHENGLIN WANG
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 07 November 2015 - 11:12 PM

Hi Aura,

 

Thanks for the fast response! I appreciate your help a lot! Here is the log:

 

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by CHENGLIN (administrator) on 07-11-2015 at 20:08:47
Running from "C:\Users\CHENGLIN\Desktop"
Windows 10 Home  (X64)
Model:  Manufacturer:
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ==============================
 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 

popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : APPLE-T
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : berkeley.edu
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F0-79-59-1B-1D-30
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 80-19-34-D5-C7-4A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : berkeley.edu
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : 80-19-34-D5-C7-49
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7c72:2d7c:1feb:8a26%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.105.136.163(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Lease Obtained. . . . . . . . . . : Saturday, November 7, 2015 6:59:40 PM
   Lease Expires . . . . . . . . . . : Saturday, November 7, 2015 8:22:23 PM
   Default Gateway . . . . . . . . . : 10.105.136.1
   DHCP Server . . . . . . . . . . . : 10.129.197.10
   DHCPv6 IAID . . . . . . . . . . . : 75503924
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-8B-40-C8-F0-79-59-1B-1D-30
   DNS Servers . . . . . . . . . . . : 128.32.206.9
                                       128.32.136.12
                                       128.32.136.9
                                       128.32.206.12
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.berkeley.edu:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : berkeley.edu
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1863:115b:f596:775c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1863:115b:f596:775c%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 352321536
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-8B-40-C8-F0-79-59-1B-1D-30
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  ns1.berkeley.edu
Address:  128.32.206.9
 
Name:    google.com
Addresses:  2607:f8b0:4005:802::1009
   74.125.224.4
   74.125.224.14
   74.125.224.7
   74.125.224.2
   74.125.224.8
   74.125.224.0
   74.125.224.6
   74.125.224.3
   74.125.224.9
   74.125.224.5
   74.125.224.1
 

Pinging google.com [74.125.239.132] with 32 bytes of data:
Reply from 74.125.239.132: bytes=32 time=4ms TTL=56
Reply from 74.125.239.132: bytes=32 time=4ms TTL=56
 
Ping statistics for 74.125.239.132:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 4ms, Average = 4ms
Server:  ns1.berkeley.edu
Address:  128.32.206.9
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   206.190.36.45
   98.138.253.109
   98.139.183.24
 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=28ms TTL=51
Reply from 206.190.36.45: bytes=32 time=26ms TTL=51
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 28ms, Average = 27ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...f0 79 59 1b 1d 30 ......Realtek PCIe GBE Family Controller
 15...80 19 34 d5 c7 4a ......Microsoft Wi-Fi Direct Virtual Adapter
  4...80 19 34 d5 c7 49 ......Intel® Dual Band Wireless-AC 7260
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.105.136.1   10.105.136.163     10
     10.105.136.0    255.255.252.0         On-link    10.105.136.163    266
   10.105.136.163  255.255.255.255         On-link    10.105.136.163    266
   10.105.139.255  255.255.255.255         On-link    10.105.136.163    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    10.105.136.163    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    10.105.136.163    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 11    306 2001::/32                On-link
 11    306 2001:0:9d38:6abd:1863:115b:f596:775c/128
                                    On-link
  4    266 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::1863:115b:f596:775c/128
                                    On-link
  4    266 fe80::7c72:2d7c:1feb:8a26/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    266 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/07/2015 07:23:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/07/2015 07:23:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/07/2015 07:04:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The specified procedure could not be found.
.
 
Error: (11/07/2015 07:04:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The specified procedure could not be found.
.
 
Error: (11/07/2015 06:59:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: IpOverUsbSvc.exe, version: 8.0.14194.286, time stamp: 0x543f1984
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xe0434352
Fault offset: 0x000b3e28
Faulting process id: 0x834
Faulting application start time: 0xIpOverUsbSvc.exe0
Faulting application path: IpOverUsbSvc.exe1
Faulting module path: IpOverUsbSvc.exe2
Report Id: IpOverUsbSvc.exe3
Faulting package full name: IpOverUsbSvc.exe4
Faulting package-relative application ID: IpOverUsbSvc.exe5
 
Error: (11/07/2015 06:59:49 PM) (Source: .NET Runtime) (User: )
Description: Application: IpOverUsbSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
Stack:
 
Error: (11/07/2015 06:59:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (11/07/2015 06:59:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (11/07/2015 06:59:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (11/07/2015 06:59:38 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 

System errors:
=============
Error: (11/07/2015 08:02:41 PM) (Source: Service Control Manager) (User: )
Description: The MaohaWiFiService service failed to start due to the following error:
%%2
 
Error: (11/07/2015 07:52:17 PM) (Source: Service Control Manager) (User: )
Description: The MaohaWiFiService service failed to start due to the following error:
%%2
 
Error: (11/07/2015 07:44:07 PM) (Source: Service Control Manager) (User: )
Description: The MaohaWiFiService service failed to start due to the following error:
%%2
 
Error: (11/07/2015 07:34:27 PM) (Source: Service Control Manager) (User: )
Description: The MaohaWiFiService service failed to start due to the following error:
%%2
 
Error: (11/07/2015 07:22:14 PM) (Source: Service Control Manager) (User: )
Description: The MaohaWiFiService service failed to start due to the following error:
%%2
 
Error: (11/07/2015 07:13:08 PM) (Source: Service Control Manager) (User: )
Description: The MaohaWiFiService service failed to start due to the following error:
%%2
 
Error: (11/07/2015 07:09:49 PM) (Source: Service Control Manager) (User: )
Description: The Baidu Player Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/07/2015 07:02:21 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated with the following error:
%%2147942527
 
Error: (11/07/2015 07:02:14 PM) (Source: Service Control Manager) (User: )
Description: The MaohaWiFiService service failed to start due to the following error:
%%2
 
Error: (11/07/2015 07:02:08 PM) (Source: Service Control Manager) (User: )
Description: The GamesAppIntegrationService service terminated with the following error:
%%2147942527
 

Microsoft Office Sessions:
=========================
Error: (11/07/2015 07:23:13 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Tencent\QQDownload\MFC80U.DLL
 
Error: (11/07/2015 07:23:13 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Tencent\QQDownload\MFC80U.DLL
 
Error: (11/07/2015 07:04:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe specified procedure could not be found.
 
Error: (11/07/2015 07:04:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe specified procedure could not be found.
 
Error: (11/07/2015 06:59:52 PM) (Source: Application Error)(User: )
Description: IpOverUsbSvc.exe8.0.14194.286543f1984KERNELBASE.dll10.0.10240.16384559f3b2ae0434352000b3e2883401d119d17a3f149aC:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exeC:\Windows\SYSTEM32\KERNELBASE.dll6a979160-3d2f-4e1b-9267-b967ec49ddd7
 
Error: (11/07/2015 06:59:49 PM) (Source: .NET Runtime)(User: )
Description: Application: IpOverUsbSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
Stack:
 
Error: (11/07/2015 06:59:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path43900
 
Error: (11/07/2015 06:59:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path25900
 
Error: (11/07/2015 06:59:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path17900
 
Error: (11/07/2015 06:59:38 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)
Description: Eap method DLL path43900
 

CodeIntegrity Errors:
===================================
  Date: 2015-11-05 15:04:50.712
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-04 19:15:00.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-04 07:19:33.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\SogouInput\7.7.0.7006\SogouCloud.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-11-03 16:21:39.556
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-31 15:31:48.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-30 15:02:50.420
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-30 08:04:46.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-27 01:11:26.214
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\SogouInput\7.7.0.7006\SogouCloud.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-10-27 01:11:20.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\SogouInput\7.7.0.7006\SogouCloud.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-10-23 16:37:40.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

=========================== Installed Programs ============================
 
360杀毒 (HKLM-x32\...\360SD) (Version: 5.0.0.5104 - 360安全中心)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{05F508E8-2DC6-4B12-B6A9-51000536216A}) (Version: 2.4 - Microsoft Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
ASUS Console (HKLM\...\{6D989E08-8143-4AB8-B0A8-5B836235CAA4}) (Version: 1.0.5 - ASUS)
Asus FaceID (HKLM-x32\...\{C4071085-DDF0-403F-90F9-27582FC22C9B}) (Version: 7.7.6.1 - ASUS)
ASUS GIFTBOX Desktop (HKLM-x32\...\{9110969C-A4E5-4112-93A3-A8686BF7444C}) (Version: 1.0.2 - ASUS)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
BaiduPlayer4.1.2.349 (HKLM-x32\...\BaiduPlayer) (Version: 4.1.2 - Baidu Online Network Technology (Beijing) Co., Ltd.)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (HKLM\...\{CC1F74DF-058F-406C-BC7D-F14D6E5F7CBD}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{B255880F-8C5E-4FAF-8F9C-7DBA635B2615}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{D37FDF2F-8766-4BDF-A0E3-A60BDBB630ED}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
ClipGrab 3.5.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Epic Games Launcher (HKLM\...\{7C8ED4CE-7D28-442D-AD14-C95C18A7CB1A}) (Version: 1.1.35.0 - Epic Games, Inc.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Memory Profiler (HKLM-x32\...\{54F76D6C-0EC3-43D9-8BCC-73E31AB0BF06}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{A88AEB8B-A6C5-41BC-8F71-F704DD1E0D00}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
PowreShellIntegration.Notifications (HKLM-x32\...\{ED8DFB38-C87B-42B3-A33E-B20DF935C055}) (Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Python 3.5.0 (32-bit) (HKCU\...\{1197d2bb-6cf8-488a-b994-d5bf6d7efe7b}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 Core Interpreter (32-bit) (HKLM-x32\...\{E9E55FC3-A47F-4ACA-8691-C22469450FB1}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Development Libraries (32-bit) (HKLM-x32\...\{D5A057BD-471E-40D6-B7E0-79E08210D8F6}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Documentation (32-bit) (HKLM-x32\...\{169B7A58-FE29-48E8-8773-9D6390815C8C}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Executables (32-bit) (HKLM-x32\...\{CE48771A-4CC2-4F35-A7B3-D136E91D04F3}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Launcher (32-bit) (HKLM-x32\...\{CAA5FC80-DEF6-4DFA-9C06-23921A87F092}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 pip Bootstrap (32-bit) (HKLM-x32\...\{11187860-0D92-490D-86EC-3A941C98D451}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Standard Library (32-bit) (HKLM-x32\...\{0740B2CD-63EC-44C7-B39E-B6EB579773E6}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{7AB85182-2EE4-4137-A5C6-D8C03958DCBA}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Test Suite (32-bit) (HKLM-x32\...\{2234BC4D-E95D-40C2-818D-7845760C510F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Utility Scripts (32-bit) (HKLM-x32\...\{4A69B338-2C0C-4726-A261-44DBCF0DA94A}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python Tools Redirection Template (HKLM-x32\...\{2881CFB4-71F9-40C7-8228-6395117C0EDA}) (Version: 1.3 - Microsoft Corporation) Hidden
QQ旋风4.8 (HKLM-x32\...\QQ旋风) (Version: 4.8.772.402 - 腾讯科技(深圳)有限公司)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7250 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{6098D454-CB7B-44C2-8615-D869FD9655C7}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{6E3FB6C9-8C3C-45D4-BD9E-AECA430EE8E0}) (Version: 1.5.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{0E4A9B1A-12D2-4827-BE61-44DBD72797FB}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{EA2C2406-C25C-4845-842F-360EFEA4CDCE}) (Version: 1.5.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.5.3.0 (HKLM-x32\...\{7f54b430-3428-4775-aeae-531e46185ec6}) (Version: 1.5.23115.0 - Microsoft Corporation)
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{74E0F5DD-514A-4F85-0EE0-1E2EBB8BFC8C}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{4C8DCEB6-5D3C-90BD-6E31-A8342B9185FF}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{DE0B03D4-5A26-DEEC-F62E-278EF28BA58E}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{9F7DE660-6BFE-3BA2-A93D-4F13BD13E10B}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (08/01/2015 10.0.0.5) (HKLM\...\B267A462F49A1ACD7A2EC5C262BA0DC7D7B23891) (Version: 08/01/2015 10.0.0.5 - ASUS)
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (32-位) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
搜狗拼音输入法 7.7正式版 (HKLM-x32\...\Sogou Input) (Version: 7.7.0.7006 - Sogou.com)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 7.6.15742.0 - 腾讯科技(深圳)有限公司)
 
========================= Devices: ================================
 
Could not list devices.
 
========================= Memory info: ===================================
 
Percentage of memory in use: 17%
Total physical RAM: 12171.06 MB
Available physical RAM: 10039.17 MB
Total Virtual: 20875.06 MB
Available Virtual: 18834.36 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:218.14 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:478.93 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\APPLE-T
 
Administrator            CHENGLIN                 DefaultAccount          
Guest                   
 

**** End of log ****
 
Chenglin



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 07 November 2015 - 11:15 PM

The programs 360杀毒 and 腾讯QQ are most likely the culprits from what I can see online. Can you uninstall them for the time being?

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 CHENGLIN WANG

CHENGLIN WANG
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 07 November 2015 - 11:31 PM

I cannot uninstall anything now: the same error message pops up every time: "An error occurred trying to uninstall **, it may have already been uninstalled. Would you like to remove from the program and features list? " It occurs no matter which software I want to uninstall from the list.

 

Also, 360杀毒 is an anti-virus software. I installed it after this virus appeared. So I think 360 shouldn't be the cause.

Similarly I have been using 腾讯QQ for a long time. It's a live-time chatting tool so I don't think it's the cause either.

 

Chenglin



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 07 November 2015 - 11:36 PM

Check the executable that is launching the error, QQDownload.exe. If you Google it, you get this:

https://www.reasoncoresecurity.com/qqdownload.exe-84a6e8c0d965986311ea544f64bb921b304d0e5e.aspx

You do have that QQ program installed, so this is most likely the culprit.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 CHENGLIN WANG

CHENGLIN WANG
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 07 November 2015 - 11:44 PM

Actually, whichever program I open, this error occurs. For example, adobe acrobat as in the attached.

Attached Files



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 07 November 2015 - 11:45 PM

Ah alright, then it's different. Follow the instructions below please.

EndqYRa.pngSystem File Checker (SFC)
Follow the instructions below to run a SFC scan on your system and to provide the CBS log in your next reply;
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Spcusrh.pngRun as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command below and press on Enter;
    sfc /scannow
    Note: There's a space between "sfc" and "/scannow";
  • Once the scan is complete, enter the command below and press on Enter
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • A file called cbs.txt will have appeared on your Desktop. Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;
Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 CHENGLIN WANG

CHENGLIN WANG
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 08 November 2015 - 12:14 AM

The link to the cbs file:

 

https://drive.google.com/file/d/0B1u4bGQyZQlUcU9RTmFzaDBmODQ/view?usp=sharing​

 

Thanks,

Chenglin



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 08 November 2015 - 10:05 AM

Your cryptsp.dll file is corrupt and cannot be repaired by SFC.
2015-11-07 21:08:49, Info                  CSI    0000645f Hashes for file member \SystemRoot\WinSxS\wow64_microsoft-windows-cryptsp-dll_31bf3856ad364e35_10.0.10240.16384_none_3bb28a0dd5da8f07\cryptsp.dll do not match actual file [l:22{11}]"cryptsp.dll" :
  Found: {l:32 b:vuFi2GBw04K8kMjAC94gMJpOJQbiQPEGFI8GZTK5Ad8=} Expected: {l:32 b:897hW0YKQTBsDr8hnpyCD6XJe6plgf1KdS4gkEO/pWE=}
2015-11-07 21:08:49, Info                  CSI    00006460 [SR] Cannot repair member file [l:22{11}]"cryptsp.dll" of Microsoft-Windows-cryptsp-dll, Version = 10.0.10240.16384, pA Host= amd64 Guest= x86, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35} in the store, hash mismatch
Follow the instructions below please.

EndqYRa.pngDISM - Fixing Component Store Corruption
Follow the instructions below to run a DISM operation on your system.
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command below and press on Enter;
    DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time;
  • Copy the C:\Windows\Logs\DISM folder and C:\Windows\Logs\CBS\CBS.log file on your Desktop, then right-click on it, go to Send to... and select Compressed .zip archive;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;
Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the DISM scan is completed, it won't contains the information from the scan anymore. So archive it and upload it as soon as you can.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 CHENGLIN WANG

CHENGLIN WANG
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 08 November 2015 - 10:40 AM

The link to the DISM file is here:

 

https://drive.google.com/file/d/0B1u4bGQyZQlUZmZ0MDh4d2Y3VlU/view?usp=sharing​

 

This scan stops at 20% though.

 

Chenglin



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 08 November 2015 - 10:41 AM

The SURT log isn't in here. The scan doesn't stop at 20%, it hangs at it for a long time so give it a while. If it cannot complete, it'll return you a clear error message. Follow the instructions again please :)

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 CHENGLIN WANG

CHENGLIN WANG
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 08 November 2015 - 10:53 AM

The same error occurs. Please see attached.

Attached Files



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 08 November 2015 - 10:55 AM

Okay this is different then since there's an actual error message. Follow the instructions below please.

zImGw67.pngWindows Repair All-In-One
NOTE: Before following to step below, please disable your Antivirus software or any other real-time security software that you have enabled.
  • Boot in Safe Mode with Networking;
  • Download the portable version of Windows Repair All-In-One;
  • Move the file (archive) on your Desktop, and extract it there;
  • Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator;
  • From there, click on the Next button until you are presented with an Open Repairs button and click on it;
  • Let the Registry back up complete, and move on to the check-list window;
  • Click on the Unselect All button at the bottom, then check the following items:
    • Repair Windows Updates;
    • Reset Service Permissions;
    • Restore Important Windows Services;
    • Set Windows Services To Default Startup;
    • Remove Temporary Files;
  • Once done, click on the Start Repairs button and let the scan execute;
  • If you are being prompted with a Security Warning, allow it to go through;
  • Once the repair is complete, it'll ask you to restart your computer, please do it;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 CHENGLIN WANG

CHENGLIN WANG
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 08 November 2015 - 11:53 AM

Please forgive my dummy.... I tried to enter Safe Mode with Network, but my network doesn't enable when I enter the system. I cannot search for any available wifi.

 

Chenglin






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users