
Windows Command Processor - what's going on?


  • This topic is locked
9 replies to this topic

#1 zzzz

  • Members
  • 656 posts
  • Gender:Male
  • Location:UK

Posted 22 June 2017 - 08:55 AM

This WCP keeps popping up asking whether to allow it or not. I allowed it many times but had the feeling that I should check it out, as my laptop isn't working as well as before.

 

There is a vast amount of info on the internet, going back many years to the present, that it is a virus/malware and loads of various methods of getting rid of it, all quite complicated. None of my Tech news subscriptions have ever mentioned it.

 

No one says what it would do to any system and, more pertinently, no mention that if you go to Task Manager there it is, not doing much. Going to Properties and Details there is the Microsoft copyright and operating system etc. Now that could be fake, clever malware, or it is genuine. My friend's Win 7 laptop does not show WCP at all in Task Manager - is it a Win 10 thing, which I have?

 

In the Search box in this forum WCP shows nothing. I've run Malwarebytes and a Panda virus check with no infections, but WCP may not show up in these scans.

 

Does anyone know anything about this WCP please?
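One way to check the Task Manager entry the post describes against the real binary, as an added example that is not part of this thread: the PowerShell below lists every running cmd.exe (the image Task Manager shows as "Windows Command Processor"), the directory it runs from, the process that started it, and whether the file carries a valid Microsoft Authenticode signature. It assumes Windows 8 or later (so catalog-signed system files report as Valid) and an elevated prompt so processes of other users are visible.

```powershell
# Added example (not from the thread): inspect running "Windows Command Processor"
# (cmd.exe) instances so the Task Manager entry can be compared with the real binary.
# Assumes Windows 8 or later and an elevated PowerShell prompt.

$systemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

function Get-CmdProcessReport {
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'cmd.exe'" | ForEach-Object {
        $proc   = $_
        $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        $path   = $proc.ExecutablePath

        # Authenticode check: Windows system binaries are catalog-signed, and
        # Get-AuthenticodeSignature resolves catalog signatures on Windows 8+.
        $sig = if ($path -and (Test-Path -LiteralPath $path)) {
            Get-AuthenticodeSignature -FilePath $path
        }

        # The genuine image lives under System32 (or SysWOW64 for the 32-bit copy).
        $inSystemDir = $false
        foreach ($dir in $systemDirs) {
            if ($path -and $path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inSystemDir = $true
            }
        }

        [pscustomobject]@{
            PID         = $proc.ProcessId
            Path        = $path
            InSystemDir = $inSystemDir
            SigStatus   = if ($sig) { $sig.Status } else { 'n/a' }
            Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
            CommandLine = $proc.CommandLine
            Parent      = if ($parent) { "$($parent.Name) (PID $($parent.ProcessId))" } else { '<exited>' }
            ParentPath  = if ($parent) { $parent.ExecutablePath } else { 'n/a' }
        }
    }
}

# A cmd.exe that is not Microsoft-signed, does not live under System32/SysWOW64, or is
# started by an unexpected parent is the one that deserves a closer look; a valid
# signature on a System32 image only tells you the file itself is genuine, so the
# Parent and CommandLine columns are what explain why it keeps appearing.
Get-CmdProcessReport | Format-List
```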




#2 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2017 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's see what we can find.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Click "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

#3 zzzz
  • Topic Starter

  • Members
  • 656 posts
  • Gender:Male
  • Location:UK

Posted 23 June 2017 - 09:50 AM

Deleted


Edited by zzzz, 23 June 2017 - 10:58 AM.


#4 zzzz
  • Topic Starter

  • Members
  • 656 posts
  • Gender:Male
  • Location:UK

Posted 23 June 2017 - 10:57 AM

Thanks for your response.

 

Well, I attached both files - hope this is helpful. I've read that the WCP can/does mess with the AV. I've disabled Panda and am now running McAfee, so please check that out.

 

Pasted in the FRST.txt below.



Edited by zzzz, 23 June 2017 - 11:26 AM.


#5 zzzz
  • Topic Starter

  • Members
  • 656 posts
  • Gender:Male
  • Location:UK

Posted 23 June 2017 - 11:53 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
(23-06-2017 17:21:59)
Running from C:\Users\Dennis\Downloads
Windows 10 Pro Version 1607 (X64) (2016-11-14 13:35:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3820103308-942328192-3248995569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3820103308-942328192-3248995569-503 - Limited - Disabled)
Dennis (S-1-5-21-3820103308-942328192-3248995569-1001 - Administrator - Enabled) => C:\Users\Dennis
Guest (S-1-5-21-3820103308-942328192-3248995569-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AV: Panda Free Antivirus (Disabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Disabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Alternate File Shredder 1.970 (HKLM-x32\...\Alternate File Shredder_is1) (Version:  - Alternate Tools)
ArcSoft ShowBiz (x32 Version: 3.5.13.70 - ArcSoft) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
ClipMagic Lite 4.1 (HKLM-x32\...\ClipMagic_3.1) (Version: 4.1 - MJT Net Ltd)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.49.53 - Conexant)
Dropbox (HKLM-x32\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epic Privacy Browser (HKU\S-1-5-21-3820103308-942328192-3248995569-1001\...\Epic) (Version: 58.0.3029.110 - Epic)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Lenovo Power Management Driver (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3820103308-942328192-3248995569-1001\...\dda9ca0b023f4c56) (Version: 1.6.6.0 - Lenovo)
Lenovo Solution Center (HKLM\...\{7BB9AAFD-3350-49C8-92D1-833AAFF9E74E}) (Version: 3.4.003.013 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0053 - Lenovo)
Maintenance Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version:  - Samsung Electronics Co., Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
McAfee® Internet Security (HKLM-x32\...\MSC) (Version: 16.0.0 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3820103308-942328192-3248995569-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
ShowBiz (HKLM-x32\...\InstallShield_{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 5.0.1.420 - ArcSoft)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.03 - )
Video Capture Driver Install 64bit 6.0.113 (HKLM-x32\...\{EFEF320F-538D-4314-BCDB-161AE603A9EA}) (Version: 6.0.113 - geniatech)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0224E6DA-0D63-4295-8998-C057F8934E88} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {15B0EDCC-89BF-444D-A743-08FA1E037C59} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {1D2A1CD0-1D07-43E4-A911-13E9F5D71A11} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Dennis\Downloads\PrivaZer.exe [2017-04-04] (Goversoft LLC)
Task: {2956BDC3-1B6A-42B4-805A-0F73714E7A8D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {29ACE0A5-8A4A-4BEE-A753-0399A45C8F48} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-02-14] (Lenovo)
Task: {318543E6-4774-4299-841F-C2706707D500} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {3B67718A-E9FC-42FE-B0F4-CC4E4FFF7CAB} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-02-14] (Lenovo)
Task: {6F72E403-5531-451F-ABA3-0058C2976AA4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {715E9E64-1459-4AFC-A214-83058C483395} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Dennis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {721AF067-1873-400C-B289-E3FC3BDD15BD} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-02-14] ()
Task: {75D56328-1E1E-432D-9FE5-97647834723B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-02-14] (Lenovo)
Task: {7666FB1F-0845-42BB-B369-F43B0E76FAE3} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {874AF34F-05AC-4324-B1D0-43F1A5D4E66A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {89F56A76-4220-4491-82FA-79C81F01CA52} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-03-07] (McAfee, Inc.)
Task: {90D942E4-8061-447B-A0A7-5923F7CA92F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-09] (Google Inc.)
Task: {A01B2107-8998-4F0C-BE33-9277C7E6AC38} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {B4B03F80-7E4A-4418-B3B8-893B8F338079} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-09] (Google Inc.)
Task: {DBF380B8-7127-4AB1-8CD0-C79EA2CC409B} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-03-07] (McAfee, Inc.)
Task: {E5D16475-2A85-43CF-8262-4B3968DD1CBB} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3820103308-942328192-3248995569-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {F181269E-A2BE-47C8-AE6F-FB88D8DB0CCA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-09] (Dropbox, Inc.)
Task: {F2627E74-B5FC-43D2-BAA1-86582CEA6EB2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-04-11] (McAfee, Inc.)
Task: {FB010000-95A7-4475-B501-B2827717F3F9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-09] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Dennis\Desktop\Google Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-09 19:09 - 2011-06-22 07:48 - 00034304 _____ () C:\WINDOWS\System32\ssp7ml6.dll
2016-11-09 19:09 - 2011-06-22 07:48 - 00826880 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssp7mdu.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-11 16:51 - 2017-04-28 01:49 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-04 20:06 - 2015-08-04 20:06 - 01373920 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2016-11-14 13:51 - 2016-11-14 13:51 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-23 16:57 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-23 16:58 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-23 16:58 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-23 16:58 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 16:50 - 2017-04-28 00:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-11 16:50 - 2017-04-28 00:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 16:51 - 2017-04-28 00:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-10-18 18:17 - 2011-07-06 12:02 - 01565496 _____ () C:\Program Files (x86)\ClipMagic Lite\clipmagic.exe
2017-06-22 10:59 - 2017-05-09 11:44 - 01101640 _____ () C:\Program Files\McAfee\MfeAV\AMEngineScan.dll
2017-06-22 10:59 - 2017-05-09 11:46 - 00607440 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2017-06-22 12:40 - 2017-06-22 12:41 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-22 12:40 - 2017-06-22 12:41 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-22 12:40 - 2017-06-22 12:41 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-22 12:40 - 2017-06-22 12:41 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-29 13:39 - 2017-05-09 10:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-29 13:39 - 2017-05-09 10:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-03-23 16:58 - 2017-03-04 07:04 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-06-20 15:40 - 2017-06-12 12:52 - 00775488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-06-20 15:40 - 2017-06-12 12:52 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-20 15:40 - 2017-06-12 12:52 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-20 15:40 - 2017-06-12 12:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-20 15:40 - 2017-06-12 12:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-20 15:40 - 2017-06-12 12:55 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-06-20 15:40 - 2017-06-12 12:54 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-06-20 15:40 - 2017-06-12 12:54 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-20 15:40 - 2017-06-12 12:54 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-06-20 15:40 - 2017-06-12 12:52 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-06-20 15:40 - 2017-06-12 12:52 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-20 15:40 - 2017-06-12 12:55 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-06-20 15:40 - 2017-06-12 12:54 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-15 18:17 - 2015-12-15 18:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3820103308-942328192-3248995569-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3820103308-942328192-3248995569-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKU\S-1-5-21-3820103308-942328192-3248995569-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E7665D82-7FFA-498B-BFF3-4CF7EE6D042D}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{AA04122D-753A-4194-9EDE-6731A93D06F7}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{4DD25192-011C-419E-A373-2D4F00F26B6B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5321988A-9C9F-4BC3-B026-47282CFD99BA}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B4B495CC-8C1A-4C85-A655-D746D2DE4B28}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{99483A4E-AE0A-4189-A4A4-C30B8C82F7AD}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{32811864-C242-424D-8510-545BFE989E45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{36E736B3-23DE-4806-A537-F29776EADB1A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
04-05-2017 10:27:34 Windows Update
08-05-2017 17:39:59 Windows Update
24-05-2017 15:06:38 Windows Update
29-05-2017 13:08:12 Windows Modules Installer
05-06-2017 21:57:55 Windows Update
22-06-2017 11:15:22 McAfee Vulnerability Scanner
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/23/2017 04:28:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-32FAF6F)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/22/2017 11:15:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/22/2017 10:39:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-32FAF6F)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/21/2017 09:59:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-32FAF6F)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/20/2017 10:27:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (06/20/2017 10:26:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/20/2017 10:25:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {35bb5d2b-8b3f-452c-95e1-494206c45834}
 
Error: (06/20/2017 10:18:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-32FAF6F)
Description: Activation of application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/20/2017 10:03:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-32FAF6F)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/19/2017 06:53:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TMShowBiz.exe, version: 3.5.13.70, time stamp: 0x51651f3b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x07685558
Faulting process ID: 0x25bc
Faulting application start time: 0x01d2e8e26a219b10
Faulting application path: C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\TMShowBiz.exe
Faulting module path: unknown
Report ID: 843273d4-a78b-4fec-ab71-90804e8c16e2
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/23/2017 04:13:06 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (06/23/2017 04:12:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/23/2017 03:30:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (06/22/2017 06:00:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (06/22/2017 05:59:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/22/2017 05:58:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (06/22/2017 11:01:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (06/22/2017 11:00:55 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (06/22/2017 11:00:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/22/2017 11:00:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2017-04-04 15:47:18.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-04-04 15:47:18.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-30 16:46:33.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-30 16:46:33.368
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-24 18:59:26.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-24 18:59:26.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-08 16:14:50.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-08 16:14:50.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU L 620 @ 2.00GHz
Percentage of memory in use: 72%
Total physical RAM: 3891.67 MB
Available physical RAM: 1075.89 MB
Total Virtual: 7012.61 MB
Available Virtual: 2837.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.56 GB) (Free:99.15 GB) NTFS
Drive d: () (Removable) (Total:1.87 GB) (Free:1.61 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C29B4EDE)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
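The "Event log errors" block above lists every error individually, so one failure that recurs (the Photos app activation error, the DCOM 10016 permission error) reads like several separate problems. The following is an added example, not part of the thread or of the Farbar tool: a PowerShell function that parses that block into objects and groups them by Source and EventID, with first and last occurrence. The sample text is an excerpt of the log above; point -Path at your own Addition.txt to run it over the full file.

```powershell
# Added example, not part of the thread or of the Farbar tool. Summarises the
# "Event log errors" block of an FRST Addition.txt by Source and EventID.

function Get-FrstEventSummary {
    [CmdletBinding(DefaultParameterSetName = 'Text')]
    param(
        [Parameter(Mandatory, ParameterSetName = 'Path')] [string] $Path,
        [Parameter(Mandatory, ParameterSetName = 'Text')] [string] $Text
    )
    $lines = if ($PSCmdlet.ParameterSetName -eq 'Path') { Get-Content -Path $Path }
             else { $Text -split "`r?`n" }

    # FRST writes one header line per event, followed by a "Description:" line.
    $rx = '^Error: \((?<ts>[^)]+)\) \(Source: (?<src>[^)]+)\) \(EventID: (?<id>\d+)\)'
    $events = for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match $rx) {
            $desc = if ($i + 1 -lt $lines.Count) { $lines[$i + 1] -replace '^Description: ', '' } else { '' }
            [pscustomobject]@{
                Time        = [datetime]::ParseExact($Matches.ts, 'MM/dd/yyyy hh:mm:ss tt', [cultureinfo]::InvariantCulture)
                Source      = $Matches.src
                EventID     = [int]$Matches.id
                Description = $desc
            }
        }
    }

    $events | Group-Object Source, EventID | ForEach-Object {
        $times = @($_.Group.Time | Sort-Object)
        $d = $_.Group[0].Description -replace '\s+', ' '
        [pscustomobject]@{
            Source      = $_.Group[0].Source
            EventID     = $_.Group[0].EventID
            Count       = $_.Count
            First       = $times[0]
            Last        = $times[-1]
            Description = if ($d.Length -gt 90) { $d.Substring(0, 90) + '...' } else { $d }
        }
    } | Sort-Object Count, Last -Descending
}

# Constructed sample: an excerpt of the Application and System error block above.
$sample = @'
Error: (06/23/2017 04:28:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-32FAF6F)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/22/2017 11:15:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Error: (06/22/2017 10:39:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-32FAF6F)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/23/2017 04:12:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

Error: (06/22/2017 05:59:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
'@

Get-FrstEventSummary -Text $sample | Format-Table -AutoSize
```

On the sample this yields three rows (Immersive-Shell 5973 twice, DCOM 10016 twice, CAPI2 513 once). The grouping is only a triage aid: it tells you which errors repeat and when, not whether they matter, and it deliberately ignores the CodeIntegrity section, which FRST writes in a different layout.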


#6 nasdaq (Malware Response Team)

Posted 23 June 2017 - 01:33 PM

Hi,

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x6474A5.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU36E.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x6474A5.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU36E.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x6474A5.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU36E.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\x6474A5.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU36E.tmp
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-3820103308-942328192-3248995569-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Dennis\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-01-19] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-3820103308-942328192-3248995569-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Dennis\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-01-19] (Epic Privacy Browser)
CHR HomePage: Default -> hxxps://docs.google.com/file/d/0B0A5JoQwvdS7SXU3QTZSUU9qVkU/edit
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3323737&octid=EB_ORIGINAL_CTID&ISID=MD568F0FB-D1C2-4450-AC11-51476CB1E83A&SearchSource=55&CUI=&UM=5&UP=SPBA3632D4-C30E-4AA7-AC66-A4C8005B9922&SSPV=","hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=AE4A7957E081E1AB2741405133852532","hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=FE5B5A7298270D0978D7485258093DD8",... (long line)
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-03]
U3 mfeaack01; no ImagePath
U3 mfeavfk02; no ImagePath
U3 mfehidk01; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
---

Reset Chrome...
Open Google Chrome and click the menu icon at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

Please let me know what problem persists with this computer.
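The fixlist above removes a Chrome home page and a set of startup URLs pointing at search.conduit.com and pandasecurity.mystart.com (search pages installed by browser toolbars), and the reset that follows wipes the rest. As an added example, not part of nasdaq's instructions or of FRST: the PowerShell function below reads the same settings straight from the Chrome profile, so you can see before and after the reset what the browser is actually configured with. It is read-only, assumes the default profile folder shown in the log, and uses Chrome's own Preferences JSON keys.

```powershell
# Added example, not part of nasdaq's fix. Read-only view of the Chrome profile
# settings that FRST reports as CHR HomePage, CHR StartupUrls and CHR Extension.

function Get-ChromeProfileSummary {
    param(
        [string] $ProfileDir = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default')
    )
    # Chrome keeps its hijack-prone settings (homepage, startup URLs, extensions,
    # search engine) in "Secure Preferences", protected by a per-profile MAC, and
    # the rest in "Preferences". Read both and take whichever has the value.
    $docs = foreach ($name in 'Secure Preferences', 'Preferences') {
        $file = Join-Path $ProfileDir $name
        if (Test-Path $file) { Get-Content -Path $file -Raw -Encoding UTF8 | ConvertFrom-Json }
    }

    $homepage = @($docs | ForEach-Object { $_.homepage } | Where-Object { $_ })[0]
    $restore  = @($docs | ForEach-Object { $_.session.restore_on_startup } | Where-Object { $null -ne $_ })[0]
    $startup  = @($docs | ForEach-Object { $_.session.startup_urls } | Where-Object { $_ })

    $extensions = foreach ($d in $docs) {
        if (-not $d.extensions.settings) { continue }
        foreach ($p in $d.extensions.settings.PSObject.Properties) {
            [pscustomobject]@{
                Id           = $p.Name
                Name         = $p.Value.manifest.name
                Version      = $p.Value.manifest.version
                FromWebstore = [bool]$p.Value.from_webstore   # false: sideloaded or a Chrome component
                Enabled      = ($p.Value.state -eq 1)
                Path         = $p.Value.path
            }
        }
    }

    [pscustomobject]@{
        Homepage         = $homepage
        RestoreOnStartup = $restore    # 1 = restore last session, 4 = open StartupUrls, 5 = new tab page
        StartupUrls      = $startup
        Extensions       = ($extensions | Sort-Object Name)
    }
}

# Usage: run with Chrome closed so the files are not mid-write.
$summary = Get-ChromeProfileSummary
$summary | Select-Object Homepage, RestoreOnStartup | Format-List
$summary.StartupUrls
$summary.Extensions | Format-Table -AutoSize
```

Compare the StartupUrls list with the CHR StartupUrls line in the FRST log; after "Restore settings to their original defaults" it should be empty and RestoreOnStartup should no longer be 4. Extensions with FromWebstore false that are not Google components are the ones to read up on before deciding what to keep.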

#7 zzzz (Topic Starter)

Posted 24 June 2017 - 06:59 AM

Thanks for all that but I am not experiencing any problems, which does not necessarily mean nothing is wrong. For several days now I have not had any continuing pop ups, which are experienced by those infected.

If I can know what WCP malware does then I can perhaps detect if I have it. Another forum gave a list of files if infected but I don't have them.

Do you know what the MS WCP (in my Task Bar) is? Googling it just turns up info if it is an infection or that it has stopped working and how to fix that, and there are myriad solutions to them.

I shall reset Chrome and disable Java in the meantime.



#8 zzzz (Topic Starter)

Posted 24 June 2017 - 07:11 AM

Java out of date? In the Java Control Panel it says updates are automatic! I have disabled it there.

Also in Control Panel (MS) it says Java (32 bit) but my laptop is 64 bit! How come?

Oh, there is no "Reset browser settings" button under Advanced settings! Only "Restore settings to their original defaults."


#9 nasdaq (Malware Response Team)

Posted 24 June 2017 - 08:06 AM

Did you execute the fix I submitted?
===

That is all I can say about WCF.
What Is Windows Communication Foundation
https://docs.microsoft.com/en-us/dotnet/framework/wcf/whats-wcf

If you Google MS WCF you may find some information that will guide you to understand why you have the icon.

You may want to look if you have a program in the Control Panel > Programs > Programs and Features list. Do not remove anything you know nothing about.
===

Java out of date? In the Java Control Panel it says updates are automatic! I have disabled it there.
Also in Control Panel (MS) it says Java (32 bit) but my laptop is 64 bit! How come?


The important thing is that you have Java 8 Update 131.
If not, update it if you want. You can delete all of the Java versions. If ever you need it you will be prompted to install it.
If you are asked to install it make sure you do it from the Oracle site with the link I gave you.

#10 zzzz (Topic Starter)

Posted 24 June 2017 - 10:30 AM

Thanks again for your input. By the way, WCP, not WCF, is what I want to know about.

I do have Java 8 Update 131 but now disabled.

The logs I posted - no comments? Many 'faults' listed - unimportant I guess.

No I haven't done the fix. I don't think there is really anything to fix. I'll keep this thread in mind if I need it.
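The thread ends without answering what "Windows Command Processor" is, and post #9 looks up the wrong thing (WCF is a .NET networking framework). As an added note and example, not part of the thread: Windows 10's Task Manager lists processes by their file description rather than their file name, and "Windows Command Processor" is the description embedded in cmd.exe, the ordinary command prompt (Windows 7's Task Manager shows the image name, cmd.exe, instead). That makes the entry expected, but it does not say who launched it or whether the file is the genuine one, which is what a practitioner would check. The PowerShell below does that on a Windows 8.1/10 machine; it assumes the default C:\Windows\System32 location and needs an elevated prompt only to see other users' processes and the firewall rule store.

```powershell
# Added example, not part of the thread. "Windows Command Processor" is the
# FileDescription of cmd.exe, so: verify that binary, list every running process
# carrying that description together with its real path and parent, and show any
# Windows Firewall rules that already name it.

$cmd = Join-Path $env:SystemRoot 'System32\cmd.exe'

# 1. Is the file the genuine Microsoft binary? cmd.exe is catalog-signed, which
#    Get-AuthenticodeSignature resolves on Windows 8 and later.
$sig = Get-AuthenticodeSignature -FilePath $cmd
[pscustomobject]@{
    Path        = $cmd
    Description = (Get-Item $cmd).VersionInfo.FileDescription   # "Windows Command Processor"
    Signature   = $sig.Status                                   # expect Valid
    Signer      = $sig.SignerCertificate.Subject                # expect CN=Microsoft Windows, ...
    Sha256      = (Get-FileHash -Path $cmd -Algorithm SHA256).Hash
} | Format-List

# 2. Every process whose image carries that description. Task Manager shows the
#    description, so a copy of cmd.exe (or anything else with that description)
#    loaded from outside System32/SysWOW64 would look identical there.
Get-CimInstance Win32_Process | Where-Object { $_.ExecutablePath } |
    Where-Object { (Get-Item $_.ExecutablePath -ErrorAction SilentlyContinue).VersionInfo.FileDescription -eq 'Windows Command Processor' } |
    ForEach-Object {
        $exe = $_.ExecutablePath
        # ParentProcessId can be stale if the parent exited and its PID was reused.
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
        [pscustomobject]@{
            Pid         = $_.ProcessId
            Path        = $exe
            FromSystem  = ($exe -like "$env:SystemRoot\System32\*") -or ($exe -like "$env:SystemRoot\SysWOW64\*")
            CommandLine = $_.CommandLine
            Owner       = (Invoke-CimMethod -InputObject $_ -MethodName GetOwner).User
            ParentPid   = $_.ParentProcessId
            Parent      = if ($parent) { $parent.ExecutablePath } else { '(exited)' }
        }
    } | Format-List

# 3. Windows Firewall rules that name cmd.exe (the FirewallRules: lines FRST prints
#    come from this same rule store). A third-party firewall such as the Panda or
#    McAfee products in the log keeps its own prompts and its own rules.
Get-NetFirewallApplicationFilter | Where-Object { $_.Program -like '*\cmd.exe' } |
    Get-NetFirewallRule |
    Select-Object DisplayName, Direction, Action, Enabled, Profile | Format-Table -AutoSize
```

What to look at in the output: a Signature other than Valid, a FromSystem of False, or a Parent that is not something you expect to open a command prompt (an installer, a scheduled task, a scripting host you did not start). A prompt asking to let cmd.exe through the firewall is itself worth a second look, because the command processor has no reason to accept inbound connections; the CommandLine column shows what it was actually told to run.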





