Accidentally Executed Malware Disguised As Folder


1 reply to this topic

#1 Flowheimer

Posted 16 October 2017 - 06:54 AM

Wow. Rookie mistake.

I just downloaded some binaries and absent-mindedly double-clicked a bundled file that looked like a folder.

This resulted in a flurry of telltale command prompts bursting open and closed, and a dramatic increase in my heart rate.

All of my real-time anti-malware apps were disabled, so whatever I unleashed has most definitely run its course and is living somewhere in my subsystem.

Windows identified the infection as Dynamer!ac

 

I tried running the malware installer in Sandboxie but whatever this thing is doing causes Sandboxie to crash on contact.

If this FRST log contains no leads, I'm probably going to reformat, because now I'm scared to type any passwords and that's no way to live.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2017
Ran by flowheimer (16-10-2017 14:16:59)
Running from D:\DOWNLOADS
Windows 10 Pro Version 1703 170317-1834 (X64) (2017-05-21 22:42:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2065086506-4195857188-2274866445-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2065086506-4195857188-2274866445-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2065086506-4195857188-2274866445-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2065086506-4195857188-2274866445-501 - Limited - Disabled)
flowheimer (S-1-5-21-2065086506-4195857188-2274866445-1001 - Administrator - Enabled) => C:\Users\flowheimer
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2065086506-4195857188-2274866445-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
3DimViewer (HKLM\...\{ACA1F772-E584-4F4B-BF41-EF94C3D40847}_is1) (Version:  - 3Dim Laboratory s.r.o.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 6.1.2 - Atomi Systems, Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.29 - NVIDIA Corporation) Hidden
Anti-Twin (Installation Mon 2017 08 07) (HKLM-x32\...\Anti-Twin 2017-08-07 16.45.24) (Version:  - Joerg Rosenthal, Germany)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Bass Station 2.2 (HKLM\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.2 - Novation)
Beyond Compare 4.2.2 (HKLM\...\BeyondCompare4_is1) (Version: 4.2.2.22384 - Scooter Software)
Bombardier version 3.0.3 (HKLM\...\Bombardier_is1) (Version: 3.0.3 - Stillwell Audio LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
CloneSpy 3.34 - 64 bit (HKLM\...\CloneSpy) (Version: 3.34 - The CloneSpy Team)
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{EF9495BF-843A-4F81-ACC5-40F51748D462}) (Version: 0.8.4.73 - Dolby Laboratories, Inc.)
Dornheim Segmenter DICOM Viewer (HKLM\...\{E896ECE3-9C34-4C89-82E9-364C602F147C}) (Version: 16.10.0 - Dornheim)
Event Horizon version 3.0.3 (HKLM\...\Event Horizon_is1) (Version: 3.0.3 - Stillwell Audio LLC)
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2017.03.23 - FabFilter)
FastStone Capture 8.5 (HKLM-x32\...\FastStone Capture) (Version: 8.5 - FastStone Soft)
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
foobar2000 v1.3.15 (HKLM-x32\...\foobar2000) (Version: 1.3.15 - Peter Pawlowski)
Forté Agent (HKLM-x32\...\{9B867430-CF67-4989-A414-68DF625D5D15}) (Version: 8.00.1272 - Forté Internet Software, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.)
Geekbench 4 (HKLM-x32\...\Geekbench 4) (Version:  - Primate Labs Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gpg4win (2.3.4) (HKLM-x32\...\GPG4Win) (Version: 2.3.4 - The Gpg4win Project)
HashTab 6.0.0.34 (HKLM\...\HashTab) (Version: 6.0.0.34 - Implbits Software)
Hola™ 1.58.525 - Better Internet (HKLM\...\Hola) (Version: 1.58.525 - Hola Networks Ltd.) <==== ATTENTION
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{b23c55fa-5271-4d64-ba8f-6718be55b9a7}) (Version: 10.1.1.33 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.2.1044 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{dd9617c0-5988-4099-8f6c-335e59d72e29}) (Version: 19.71.1 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{2DF17C75-9627-4213-8612-17955E92F782}) (Version: 1.6.101.32869 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
KORG KONTROL Editor (HKLM-x32\...\{B1D4E08E-3483-469B-92A4-F484BFBC745E}) (Version: 1.70.0011 - KORG INC.)
KORG USB-MIDI Driver Tools for Windows 10 (HKLM-x32\...\{C7B06DB0-64A6-436E-B473-0E0EECC5E174}) (Version: 1.15.2101 - Korg Inc.)
LatencyMon 6.51 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.14 - Lenovo) Hidden
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.13 - Lenovo) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-2065086506-4195857188-2274866445-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.7 - Lenovo)
Lenovo Settings - Power (HKLM-x32\...\{A6CFC34A-56EE-4AF5-8C49-995F59E6A160}) (Version: 2.00.000 - Lenovo) Hidden
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0065 - Lenovo)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Major Tom version 3.0.3 (HKLM\...\Major Tom_is1) (Version: 3.0.3 - Stillwell Audio LLC)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MediaInfo 0.7.96 (HKLM\...\MediaInfo) (Version: 0.7.96 - MediaArea.net)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2065086506-4195857188-2274866445-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e52a6842-b0ac-476e-b48f-378a97a67346}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{f325f05b-f963-4640-a43b-c8a494cdda0f}) (Version: 14.10.25017.0 - Microsoft Corporation)
Mozilla Firefox 56.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.1 (x64 en-US)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
Mp3tag v2.83 (HKLM-x32\...\Mp3tag) (Version: 2.83 - Florian Heidenreich)
Native Instruments Abbey Road 60s Drums Vintage (HKLM-x32\...\Native Instruments Abbey Road 60s Drums Vintage) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.1.0.183 - Native Instruments)
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.2.8 - Native Instruments)
Native Instruments Komplete Elements (HKLM-x32\...\Native Instruments Komplete Elements) (Version:  - Native Instruments)
Native Instruments Kontakt 4 (HKLM-x32\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.8.25 - Native Instruments)
Native Instruments Kontakt Elements Selection R2 (HKLM-x32\...\Native Instruments Kontakt Elements Selection R2) (Version:  - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.1.1 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.4.1.59 - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.4.1512 - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.2.0.51 - Native Instruments)
Native Instruments Reaktor Blocks Wired (HKLM-x32\...\Native Instruments Reaktor Blocks Wired) (Version: 1.0.2.1 - Native Instruments)
Native Instruments Reaktor Elements Selection (HKLM-x32\...\Native Instruments Reaktor Elements Selection) (Version:  - Native Instruments)
Native Instruments Reaktor Factory Selection R2 (HKLM-x32\...\Native Instruments Reaktor Factory Selection R2) (Version: 1.0.0.1 - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version: 1.4.0.3 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NVIDIA 3D Vision Driver 382.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.29 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.29 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA nView 148.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.47 - NVIDIA Corporation)
NVIDIA WMI 2.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.30.0 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Ozone Imager (HKLM-x32\...\Ozone Imager) (Version: 1.00 - iZotope, Inc.)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 4.0.3.16415 - Medixant)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Red 2 & Red 3 Plug-in Suite version 1.1 (HKLM\...\Red 2 & Red 3 Plug-in Suite_is1) (Version: 1.1 - Focusrite Audio Engineering Limited)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
Scarlett MixControl 1.8 (HKLM-x32\...\Saffire USB 26_is1) (Version: 1.8 - Focusrite Audio Engineering Limited)
Scarlett Plug-in Suite 1.7 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.7 - Focusrite)
Schope version 3.0.5 (HKLM\...\Schope_is1) (Version: 3.0.5 - Stillwell Audio LLC)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2065086506-4195857188-2274866445-1001\...\Spotify) (Version: 1.0.54.1079.g3809528e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1242 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version:  - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
Thunderbolt™ Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
vielklang 2.4.0 (HKLM\...\vielklang_is1) (Version:  - zplane.development GmbH & Co KG)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Waves Central 1.3.3.4 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 1.3.3 - Waves, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2065086506-4195857188-2274866445-1001\...\WinDirStat) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
WinRAR 5.50 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.2 - win.rar GmbH)
XLN Online Installer (HKLM\...\XLN Online Installer Inno Setup ID_is1) (Version:  - )
XXConsole: Super Console Generator  ver 0.96 (HKLM-x32\...\XXConsole) (Version: 0.96 - Pixelab, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2065086506-4195857188-2274866445-1001_Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 -> C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2065086506-4195857188-2274866445-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-05-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2017-05-18] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki120202.inf_amd64_d26b331c212b3353\igfxDTCM.dll [2017-01-10] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-16] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-05-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-05-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01CC21C4-FCD9-4BFE-B47E-0393460CF59B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {0D725FDD-59CA-4E7D-838E-2A0AC61DE3CB} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-24] (Samsung Electronics Co. Ltd.)
Task: {12636462-7B89-4056-A8B0-B9842BBF4A2B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-18] (Google Inc.)
Task: {15F91ED5-7620-4495-9DF6-869A62A7DA49} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {20E7AE09-5FF6-4600-B03C-1FBBE9CFABA4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {2404ED58-B5F0-4EE0-A9E1-20729B354A10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-18] (Google Inc.)
Task: {2AED275C-0A1F-4031-A54A-E45629C790A7} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {3AA7AC73-F72B-4B97-B75C-BD62A9819055} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner64.exe [2017-09-20] (Piriform Ltd)
Task: {40CE418F-E021-4F62-954E-BBF3581A2FB9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-08-03] (Realtek Semiconductor)
Task: {527BC7D4-3123-4AB5-B677-889C62E56A85} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {52F1FFC0-9A2B-4189-99F7-9A30CB31638C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {530103D7-8F95-415E-901B-3280A089190A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {5801875F-F572-4767-B9D6-E329BD3C62C2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {5A38FE7A-764D-470D-A503-DC5F53A1C193} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {7BCEEB62-A863-4696-A861-1D63651F63BE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {80EEDEF1-D0AA-48E2-AC49-F1B073B96A95} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {8317399E-B433-4840-852C-402F971CEE53} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-04] (NVIDIA Corporation)
Task: {859A50D1-7354-452C-A517-A5E1A8B40ACA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {878E4695-7AE0-4522-9348-9FFB13F47F4A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2065086506-4195857188-2274866445-1001 => C:\Users\flowheimer\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2017-10-10] (Lenovo Group Limited)
Task: {8B58B377-C5FB-4E07-9FE8-4048C3F4C2B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {8D8E1713-6445-4B73-8FE9-4B29F2C358D7} - System32\Tasks\Lenovo\Lenovo Settings Power => "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {8F6C2E0D-E4A0-4614-BE59-154D885209E5} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {91C5AAB9-AB3D-4A2A-8229-778008B7AB26} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2017-05-18] ()
Task: {9319AB81-1406-495D-AB31-58BDF60C17BB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3ffc8edc-8db8-4454-a6eb-659c104f8ff9 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {9468C723-F2A5-411E-90FB-2F2AAD36DD63} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {9AFDE2C7-66E1-483C-8723-60E2CB3146E7} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {A04CC51F-930C-4FDA-9122-0C3CF87CAEB0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1b5ba998-58af-4421-b64d-93cce130dacb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {B54D9B4D-BB1A-46B9-A9BE-DC195394CB7D} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-SFQ814TB-flowheimer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C1CE7015-3047-481C-AC14-8D1B044FDBCB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\87f41fae-26a2-4a9b-975e-83f5bfcc7538 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {D296355F-6085-4882-9F46-72D25F85CCB6} - System32\Tasks\Lenovo Active Protection System => C:\Windows\system32\TpShUI.exe [2017-03-21] (Lenovo.)
Task: {E8762D40-BA28-425C-9C05-71D10FCA1E94} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {F2374A86-5B43-4679-B536-970A18DA98CA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {F4C8B683-FC3A-439B-B920-3E1180D84DC1} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {FC0A01A5-B425-4032-8B62-5D8618B18938} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-08-03] (Realtek Semiconductor)
Task: {FEFED895-E037-40EE-AE46-E4C18577D4ED} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Lenovo Active Protection System.job => C:\Windows\system32\TpShUI.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\flowheimer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CloneSpy\Website.lnk -> hxxp://www.clonespy.com
 
ShortcutWithArgument: C:\Users\flowheimer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\flowheimer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\flowheimer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Signal Private Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=bikioccmkafdpakkkcpdbppfkghcmihk
ShortcutWithArgument: C:\Users\flowheimer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 3" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\flowheimer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\flowheimer - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\flowheimer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Hermie - Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\flowheimer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Hermie - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-06 15:46 - 2017-07-06 15:46 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2017-03-18 23:58 - 2017-03-18 23:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-25 16:57 - 2016-10-25 16:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-05-18 05:05 - 2017-09-26 11:39 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-18 05:33 - 2017-05-18 14:54 - 000794648 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2017-03-18 23:59 - 2017-03-19 05:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-23 09:47 - 2017-08-23 09:48 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-23 09:47 - 2017-08-23 09:48 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-23 09:47 - 2017-08-23 09:48 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-23 09:47 - 2017-08-23 09:48 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-18 05:35 - 2017-08-09 08:03 - 000200488 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2017-07-10 14:51 - 2017-08-16 15:07 - 000023928 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2017-09-26 02:06 - 2017-09-21 10:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 02:06 - 2017-09-21 10:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-10-16 13:45 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-16 13:45 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-14 11:49 - 2017-09-14 11:49 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-05 07:35 - 2017-10-05 07:35 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-10-05 07:35 - 2017-10-05 07:35 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-10-10 18:48 - 2017-10-10 18:48 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-09-26 11:34 - 2017-09-26 11:34 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-06 15:33 - 2017-07-06 15:33 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2017-07-06 15:21 - 2017-07-06 15:21 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2017-07-06 15:33 - 2017-07-06 15:33 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2017-07-06 15:36 - 2017-07-06 15:36 - 000890880 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2017-07-06 15:27 - 2017-07-06 15:27 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-05-26 08:52 - 2016-05-26 08:52 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2065086506-4195857188-2274866445-1001\...\hola.org -> hxxp://hola.org
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 14:47 - 2016-07-16 14:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2065086506-4195857188-2274866445-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Signature\Signature01.jpg
DNS Servers: 185.37.37.37 - 185.37.39.39
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{66CA1F2D-61A9-4930-B72F-52945EFA38E5}C:\users\flowheimer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flowheimer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{633A88C0-B465-4EAA-A65B-977B6C74A1F1}C:\users\flowheimer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flowheimer\appdata\roaming\spotify\spotify.exe
FirewallRules: [{35B0F7A5-3699-4078-A6A4-4C5B2ECC770E}] => (Allow) C:\Users\flowheimer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A9D2648B-7356-4EF4-B3CD-576254305995}] => (Allow) C:\Users\flowheimer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F933F3C4-5165-4ACC-BDA3-00724FBF830F}] => (Allow) C:\Users\flowheimer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{35B2D2E6-67C9-4389-89D2-745FD4EDE865}] => (Allow) C:\Users\flowheimer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{41FEFAA7-CEF9-4343-A2CE-3894BE060AF7}] => (Allow) C:\Users\flowheimer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA6046D3-81EA-4C9F-9DC8-AFA472DD405D}] => (Allow) C:\Users\flowheimer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{049598F3-70F6-4DD5-AEFD-607A036427D8}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe
FirewallRules: [UDP Query User{E0D92283-C58B-4863-8D75-E3E30EB55EB8}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe
FirewallRules: [{E6510616-6E69-4B08-9B94-F7501183D0DD}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
FirewallRules: [{0C42F532-3CE1-4D12-9695-2A64D9DB9298}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{24964BBE-02EC-49FC-B907-C24244215DEC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{65F1B1C6-A7D2-48F2-8180-9AEF6AE4B5A1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{466CDD64-2FB4-4B63-95AE-3F4BA4C1F4EF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D88621E1-DF92-460F-B795-D07094216F0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{4C481F0E-E322-453B-A560-A0D5CB2A89DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B17F0F80-5035-4F27-9B6C-506129DA84AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{964DDC6E-7A4B-4F6D-9889-A505236C5ECA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{671209C2-92C9-4CEF-ABFC-88E1F24ED353}C:\program files (x86)\iometer.org\iometer 1.1\iometer.exe] => (Allow) C:\program files (x86)\iometer.org\iometer 1.1\iometer.exe
FirewallRules: [UDP Query User{A7729833-20D9-434F-AADC-97B3084E7DF7}C:\program files (x86)\iometer.org\iometer 1.1\iometer.exe] => (Allow) C:\program files (x86)\iometer.org\iometer 1.1\iometer.exe
FirewallRules: [TCP Query User{8A7714E8-F155-4806-A8DD-B524634E79B8}C:\program files (x86)\iometer.org\iometer 1.1\dynamo.exe] => (Allow) C:\program files (x86)\iometer.org\iometer 1.1\dynamo.exe
FirewallRules: [UDP Query User{4A1742BC-5276-4357-9786-A25715EDC32F}C:\program files (x86)\iometer.org\iometer 1.1\dynamo.exe] => (Allow) C:\program files (x86)\iometer.org\iometer 1.1\dynamo.exe
FirewallRules: [{DF65B0B7-E5B1-4337-A20F-564F0AB371DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{934CDBF9-C1E7-428F-B012-9FEEC23D5C24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6CB5F55A-8F4A-48C5-9B2E-D01272A50E81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{19F50E65-003E-4A3F-85FD-A60F06190AB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BD869F8E-C25A-4012-A2C3-AC4CE5E492A7}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [{5D0242DF-7ABC-4955-BC07-17DE9B09E7E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{57FD4D47-18CE-4B64-A375-4E0548425D8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F1BEE24C-8488-4226-85E4-92EE51168CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63540057-5D81-40E6-B0C8-C29D1A3C353E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{801D832F-A979-4093-B059-8C8C920762A7}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{AFFDB363-EB65-490A-9AD1-5D8D3011E96F}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{1CE886D8-6D69-443A-9572-0EA0958C8210}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E338F705-CC3B-42F2-8221-9A131C559805}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{8071DB67-C2C2-497E-969F-25B2051FC8C8}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{6D4EDB26-F3FB-4EB6-BE58-858BA6D1FA7D}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{613B5B7B-E9BA-43E1-AF32-1E01BBE88B2A}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{5731559A-F99F-4FDA-9570-BE7F7A1ED9D5}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{61936167-EFAC-47DC-9C42-65065230CE70}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{C8B3C54F-6659-4BE8-BB11-4DD2B8650388}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{06C49B1F-3C13-40BC-91DB-2D9F546D030C}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{ED6C6393-9074-43C1-A54E-EED65A21AEA9}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{AC39B631-E13E-455F-B585-3A1F97690C9A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{64C3EBC5-8E20-4F43-BFBE-319708562E0F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{810D707B-4892-4AF4-8567-DE09C0C69849}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2811C5D4-D573-4224-BDAE-531B1BB63392}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{83FA660A-3E61-49FB-9CA0-ADED6D606158}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6025B25E-91BD-4CB6-8274-5A01FC3E229B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{41971F7E-E88A-462F-9AEC-B75ED58181FC}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{74D92B19-C0DC-4C06-B995-9DB433C91892}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E1836E46-8F80-452E-9782-31403402EEA0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F668FCE5-4642-4C53-8F20-66D5C0DEE89D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
27-09-2017 11:04:09 Scheduled Checkpoint
03-10-2017 13:04:12 Installed Waves Central V1.0.3.3
11-10-2017 13:34:08 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/16/2017 01:47:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
 
Error: (10/16/2017 01:46:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (10/16/2017 01:37:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Exception code: 0xc0000005
Fault offset: 0x0000000000065d25
Faulting process id: 0x35fc
Faulting application start time: 0x01d3466ac62a9cd1
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 1985a790-6dde-460d-ae84-12036be69445
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/16/2017 01:27:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SbieCtrl.exe, version: 5.20.0.0, time stamp: 0x59358b6b
Faulting module name: SbieCtrl.exe, version: 5.20.0.0, time stamp: 0x59358b6b
Exception code: 0xc000041d
Fault offset: 0x000000000001e3a0
Faulting process id: 0x398c
Faulting application start time: 0x01d346686e219aab
Faulting application path: C:\Program Files\Sandboxie\SbieCtrl.exe
Faulting module path: C:\Program Files\Sandboxie\SbieCtrl.exe
Report Id: 6894380d-0ff0-4222-a495-de1f69d62d52
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/16/2017 01:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SbieCtrl.exe, version: 5.20.0.0, time stamp: 0x59358b6b
Faulting module name: SbieCtrl.exe, version: 5.20.0.0, time stamp: 0x59358b6b
Exception code: 0xc0000005
Fault offset: 0x000000000001e3a0
Faulting process id: 0x398c
Faulting application start time: 0x01d346686e219aab
Faulting application path: C:\Program Files\Sandboxie\SbieCtrl.exe
Faulting module path: C:\Program Files\Sandboxie\SbieCtrl.exe
Report Id: e1be26d7-92fe-4291-8c06-6ab9e2d43d0a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/16/2017 01:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5265
 
Error: (10/16/2017 01:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5265
 
Error: (10/16/2017 01:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/16/2017 03:57:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
 
Error: (10/16/2017 03:56:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
 
System errors:
=============
Error: (10/16/2017 01:42:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 01:42:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 01:41:45 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: The Trusted Platform Module (TPM) firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572
 
Error: (10/16/2017 01:41:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (10/16/2017 01:41:18 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-SFQ814TB)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (10/16/2017 01:20:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 01:20:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 01:20:27 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: The Trusted Platform Module (TPM) firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572
 
Error: (10/16/2017 01:20:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (10/16/2017 01:19:57 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-SFQ814TB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-10-16 14:15:53.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-16 14:15:53.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-16 14:15:53.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-16 14:15:53.230
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-16 14:15:47.708
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-16 14:15:47.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-16 13:55:20.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-16 13:55:20.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-16 13:42:37.292
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-16 13:42:37.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 68%
Total physical RAM: 7980.01 MB
Available physical RAM: 2531.58 MB
Total Virtual: 10924.01 MB
Available Virtual: 4516.98 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:231.64 GB) (Free:147.18 GB) NTFS
Drive d: (EVO 850) (Fixed) (Total:464.51 GB) (Free:210.67 GB) NTFS
Drive g: (RECOVERY) (Removable) (Total:29.47 GB) (Free:7.29 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 8A6F0604)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 29.5 GB) (Disk ID: 7B060725)
Partition 1: (Active) - (Size=29.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================

Edited by Flowheimer, 16 October 2017 - 07:08 AM.


#2 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:09:13 AM

Posted 19 October 2017 - 04:01 PM

Hi,

Don't really see anything in the logs that jumps out as malware. If you haven't reformatted yet you might want to try an online scan or two, just to see if one drags something up.

https://www.eset.com/us/home/online-scanner/

https://www.f-secure.com/en/web/home_global/online-scanner

How Can I Reduce My Risk to Malware?