Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32/Dynammer!ac Trojan on D drive

ssd drive infected recovery drive infected shop couldnot remove trojan

  • Please log in to reply

#1
Lollygoogling!

Lollygoogling!

    New Member

  • Member
  • Pip
  • 1 posts

First to identify what I am using: this is an i5-2430M core @2.40 GHz HP Pavilion dm4 2180 series with 6GBRam. It is about 4 years old, has both a SSD and a regular hard drive. It has been running slower for about 6months and now is extremely slow upon start up. I cleaned up to essentials on my start up menu. That did not make much difference.

I have never been able to make a recovery point and HP help has not been able to do so either. I have traditionally backed this machine up onto an external hard drive which takes in excess of 8 hours. In the early years I set it back to factory and reloaded once. I reload my windows 8 disc every year and MS office. I do not game, but I use this laptop for everything. I would like to run it as long as possible because the smaller case is pretty indestructible and the current machines with similar features are running much higher cost wise.

 

I have already tried for a week to remove the Trojan and then took my laptop into a shop for Trojan removal: after 5 days they could not remove this Win32/Dynammer!as Trojan.  I paid for Their time but no results, but the fellow did leave the programs from the disks on my machine. The Trojan still faithfully reappears when the laptop is started.

 

According to Windows Defender, It can be quarantined and removed: I do not agree as it keeps reappearing upon starting up the laptop.  I retrieved my computer with the Trojan still on it and followed Malwares Removal guide protocol which was marvelous in removing many viruses that the pros did not/ could not but it still did not remove the Win32/Dynammer!as Trojan. I did possibly find out the location: on the SSD drive.  File: D:preload\base.wim-->(image 25835)\program files (x86) \HPGames\Polar Golfer\golf-WT.exe-->(EXEEmb)-->EXEEmb. (similar to another query)

 

I did google and follow the two discussions online already on this Trojan but they were of no remedy to me.

 

I should note that as a habit, I promptly remove any pre-loaded HP gameware from my computer as soon as I opened the laptop out of the box.

 

The shop checked my hard drive but said it was in good shape and I did not need a replacement. When I ran an F2 comprehensive check it said my hard drive was going.

 

I just purchased a cloud to back up in real time just in case my hard drive does go. This is in addition to copying to an external hard drive which takes forever. I was thinking of wiping the laptop and resetting to factory but now I am not so sure after reading about viruses and Trojans on the D or recovery drive.

 

Thank you for considering to help me.

 

Here is the Scan result from Farbar:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by Laurie (2016-01-24 10:30:54)
Running from C:\Users\Laurie\Desktop
Windows 8.1 Pro with Media Center (X64) (2014-09-17 01:53:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3513009769-3479052054-1805371133-500 - Administrator - Disabled)
Guest (S-1-5-21-3513009769-3479052054-1805371133-501 - Limited - Enabled) => C:\Users\Guest
Laurie (S-1-5-21-3513009769-3479052054-1805371133-1000 - Administrator - Enabled) => C:\Users\Laurie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

20-20 Design Version 9.0 (HKLM-x32\...\{5CF81B66-941B-4890-8D73-E6B8E848681F}) (Version: 9.0.0 - 20-20 Technologies inc)
20-20 Design Version 9.0 (x32 Version: 9.0.0 - 20-20 Technologies inc) Hidden
20-20 Design Version 9.1 (HKLM-x32\...\{A53C6F86-7E6C-48CE-9DCA-DE58F79EE02D}) (Version: 9.1.0 - 20-20 Technologies inc)
20-20 Design Version 9.1 (x32 Version: 9.1.0 - 20-20 Technologies inc) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.200.1717.102 - Alps Electric)
Amazon Kindle (HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Capture One 8.1 (HKLM\...\CaptureOne8_is1) (Version: 8.1.0.200 - Phase One A/S)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Client Activator 2.0 - English (2) (HKLM-x32\...\Rainbow Client Activator 2.0 English) (Version:  - )
Client Activator 2.0 - English (All) (HKLM-x32\...\Rainbow Client Activator 2.0 English All) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Design (HKLM-x32\...\{CB49401D-D1E8-4068-BCAA-2F589856D0BA}) (Version: 10.4.0.39 - 20-20 Technologies)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\Flux) (Version:  - )
Ghostery (HKLM-x32\...\Ghostery) (Version:  - Ghostery Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.04.17271 - Sony Corporation)
Image Rescue 4 (HKLM-x32\...\Image Rescue 4_is1) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.1.00.12152 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.1.00 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.05 (7/10/2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.21 - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.01 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 PCL6 (HKLM-x32\...\Samsung Universal Print Driver 2 PCL6) (Version: 2.50.03.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SmarThru Office (HKLM-x32\...\{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}) (Version: 2.10.000 - Samsung Electronics Co., Ltd.)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncFileSetup (x86) (x32 Version: 1.1.5731.17046 - Western Digital Technologies, Inc) Hidden
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Sync (HKLM-x32\...\{d754cb4c-5acb-4fd1-8e64-a3b76455885d}) (Version: 1.1.5731.17046 - Western Digital Technologies, Inc.)
Wibu Share 64 Dll (HKLM-x32\...\{3359F638-219D-45DD-87A3-02718F299D8D}) (Version: 1.0.0 - 20-20 Technologies)
Windows Driver Package - Leaf Imaging Ltd. Image  (12/03/2014 1.2.0.0) (HKLM\...\B758007C752D28F7C3542875CEEBDADCAE5941AE) (Version: 12/03/2014 1.2.0.0 - Leaf Imaging Ltd.)
Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows Driver Package - Phase One A/S (WinUSB) USBDevice  (12/03/2014 1.13.0.0) (HKLM\...\7C6570ABBEB2F08EFBC23ED7925AE72DA6167BD8) (Version: 12/03/2014 1.13.0.0 - Phase One A/S)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3513009769-3479052054-1805371133-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3513009769-3479052054-1805371133-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0335C5BF-A25C-4B7E-A889-C8A990C9E236} - System32\Tasks\{AB08A8BF-F076-494A-8541-1E15510555C9} => pcalua.exe -a C:\Users\Laurie\Downloads\miele_14_1.exe -d C:\Users\Laurie\Downloads
Task: {03C4494E-C55E-418F-89D6-D9F55D0913BA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0eff1ec70f4ea => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {06E5CA61-17DE-4FF3-9951-1DC584DBF223} - System32\Tasks\{64C9DF23-DB89-47E3-8DD9-76B2946A29AA} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2419I1X\efri_14.exe" -d C:\Users\Laurie\Desktop
Task: {140C7FFA-EDC0-4879-9C6B-0336E58C7BCC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {181E2DF0-03E9-49FF-A990-1174F9B78A0D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {286DC9C7-804D-4D87-A613-F0BF2F6B782C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-09] (Dropbox, Inc.)
Task: {2ADE3946-291D-4272-94EE-2555DEBF1FBC} - System32\Tasks\{B262E9BC-80A2-4E6D-91D2-B158EB201881} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2419I1X\elux_14.exe" -d C:\Users\Laurie\Desktop
Task: {391EAF01-01E0-44C2-906B-927688F5960A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-09] (Dropbox, Inc.)
Task: {3E8DF410-6541-46AF-B13C-0E4BA8E8A26D} - System32\Tasks\{0A28B246-550B-47F8-B2BD-D490E20B9060} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA1FU2AW\richl_10_12 mai 2010.exe" -d C:\Users\Laurie\Desktop
Task: {46C0EFE8-C904-4366-B671-F635B87C5542} - System32\Tasks\{E069E653-BD3E-49D9-BEE9-E273E3733388} => pcalua.exe -a C:\Users\Laurie\Downloads\kohler-k.exe -d C:\Users\Laurie\Downloads
Task: {46EFE2BB-1F66-4F14-BEF1-74E23013EA0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {59CF494E-C716-441D-8637-996921DAE709} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {5DA0E97E-EF2E-4F4A-BB02-72120CA08D1B} - System32\Tasks\{AA91F200-4FE7-4186-BC58-923F2DE71620} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2419I1X\sbzwolf5_v9.exe" -d C:\Users\Laurie\Desktop
Task: {6A54E6BA-EE02-417A-8ECC-1DE13FF93145} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {6EDB4591-9C1C-4259-955E-5B1894D2E119} - System32\Tasks\{675B1A08-0001-4E0E-AA14-8E1A599AC439} => pcalua.exe -a C:\Users\Laurie\Downloads\viking14.exe -d C:\Users\Laurie\Downloads
Task: {756C1987-46EC-467D-B1D9-87E6B108F74E} - System32\Tasks\{B7A8A82F-8DC3-4408-AC25-9E95C3D9A003} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA1FU2AW\therma10.exe" -d C:\Users\Laurie\Desktop
Task: {7B322D89-B67E-4E6F-BAB5-BE6023CF3097} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3513009769-3479052054-1805371133-1000Core1d0f093d46e48c1 => C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7BB4AF3B-D600-414B-A53E-F15C3C51B6CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {7C7B052B-C97C-49A8-A852-6807D76CD930} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {86B43328-2097-40A1-A680-0098F8D79B30} - System32\Tasks\{DA478527-DFB9-4435-AD80-0027E0395926} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA1FU2AW\marvel (1).exe" -d C:\Users\Laurie\Desktop
Task: {8CAD82DD-246B-45E4-8113-859C64FA95A8} - System32\Tasks\{72F01607-0173-4136-A160-FD7125C8F7BF} => pcalua.exe -a C:\Users\Laurie\Downloads\gemon_4q.exe -d C:\Users\Laurie\Downloads
Task: {8CD58BDC-2988-44A3-84AB-D9C10CD647D4} - System32\Tasks\{56630702-CBD5-408E-850C-B83E5FBEE1A3} => pcalua.exe -a C:\Users\Laurie\Downloads\grass_14.exe -d C:\Users\Laurie\Downloads
Task: {965F507F-3776-492C-9555-812AA6CBF719} - System32\Tasks\{5F806205-CF18-4996-A428-DCF8F8A8A281} => pcalua.exe -a C:\Users\Laurie\Downloads\gedua_4q.exe -d C:\Users\Laurie\Downloads
Task: {A0B47B94-7C49-442A-B03A-8FFA69290775} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {A68947DC-745C-485D-8D60-39356077C1C5} - System32\Tasks\{89CE7F45-642B-45C6-9D59-D4B9276DF06C} => pcalua.exe -a "C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\SEInstall\Setup.exe" -c /R
Task: {A6D4B63F-4A75-4A35-A56E-B0B76D170210} - System32\Tasks\{1B359BC1-D6B3-433C-A7EF-704ADFBD27E0} => pcalua.exe -a C:\Users\Laurie\Downloads\reva-sl.exe -d C:\Users\Laurie\Downloads
Task: {A7869210-BDDF-4BE8-9614-D8806FFFD486} - System32\Tasks\{67B58DE2-5BBF-4693-B3CC-5112DAD84DBD} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA1FU2AW\gemon2q.exe" -d C:\Users\Laurie\Desktop
Task: {A81A82AB-4E91-4F29-89E0-F876081731A9} - System32\Tasks\{3EE61477-766B-418F-AB78-6F07F25A6F98} => pcalua.exe -a C:\Users\Laurie\Downloads\Downloads\dacor10.exe -d C:\Users\Laurie\Downloads\Downloads
Task: {B2762718-4061-4F47-AC29-13F7B5FBA793} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C23158C9-4BBA-4DAA-9492-1D06B428994B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {C5FED057-262E-4841-87B7-09366BB474AB} - System32\Tasks\{C2BBA33B-A164-4EAE-9FED-4F3F95BDBE11} => pcalua.exe -a C:\Users\Laurie\Downloads\marvel.exe -d C:\Users\Laurie\Downloads
Task: {CAC6E359-1405-4003-95C6-E620E0EB14E0} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {CC0FD7A9-83AA-4A9D-97A3-19428AE4E948} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {D31735B8-892F-4872-AFD2-8B9FD8166B2A} - System32\Tasks\{46E0DB85-AF65-45C9-BF0B-A0405351BE3F} => pcalua.exe -a C:\Users\Laurie\Downloads\lieb_14.exe -d C:\Users\Laurie\Downloads
Task: {D445E68D-9315-4ABB-8745-C413F15A17CB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {D5F45BE1-0F5D-4E23-A88B-1E13711F7BFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3513009769-3479052054-1805371133-1000Core => C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D61F5386-08A3-4123-A54C-232BDACD9EB1} - System32\Tasks\{52AA5502-60BB-4561-993F-B1B3ECF4DFFB} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA1FU2AW\dacor10.exe" -d C:\Users\Laurie\Desktop
Task: {E3A71618-90A5-4EF4-A272-22AC5942FFC3} - System32\Tasks\{C000EC1A-D0E3-43CB-8949-C8949A76127D} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2419I1X\eicon_14.exe" -d C:\Users\Laurie\Desktop
Task: {E70F44E7-AF23-43CC-824D-770ABBB7B931} - System32\Tasks\{45959ED6-7B80-47E0-992A-5BB8788D031E} => pcalua.exe -a C:\Users\Laurie\Downloads\Downloads\elux_14(1).exe -d C:\Users\Laurie\Downloads\Downloads
Task: {EF237876-6FE8-4C72-B7DB-5B339B27994D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F0CFA73D-7F8F-42C6-8BFA-82723E05469E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F2E738F3-8117-4B99-ABF8-D77844D2649C} - System32\Tasks\{5912C74C-D1C1-4505-9893-E4581823312D} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKGSCBBE\miele_14_1.exe" -d C:\Users\Laurie\Desktop
Task: {F2F4CADF-528F-4F43-8ABB-8329F94BDB3E} - System32\Tasks\{2B87E821-6FF6-4683-AAE4-43993A1CE1C5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5CF81B66-941B-4890-8D73-E6B8E848681F}\setup.exe" -c -runfromtemp -l0x0409 anything -removeonly
Task: {F37F2DCB-A291-483C-8B04-CDF4039482E6} - System32\Tasks\{0D31F6BA-4FE5-41E4-AD03-6447CABD0A65} => pcalua.exe -a "C:\ProgramData\Package Cache\{6b5f9db0-02dc-4c5b-b16b-6a7f1f81557e}\GraboidVideoInstaller-3.89.exe" -c  /uninstall
Task: {F3E920F4-7490-4BF9-8505-580D8EC89445} - System32\Tasks\{9BDDBD60-67C2-4933-A925-FF316B9FE06E} => pcalua.exe -a C:\Users\Laurie\Downloads\winelo14.exe -d C:\Users\Laurie\Downloads
Task: {F4D5334E-6078-4972-96F7-1FA06B35FA28} - System32\Tasks\{56CF2511-8C9E-4919-8EF8-2D67DEA1BE34} => pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA1FU2AW\marvel.exe" -d C:\Users\Laurie\Desktop
Task: {F60F3CE8-D8C7-4051-8FCC-EFBE63F7DCF0} - System32\Tasks\{B17474EE-64BF-40BA-9B57-9B58CA48517F} => pcalua.exe -a C:\Users\Laurie\Downloads\jennair.exe -d C:\Users\Laurie\Downloads
Task: {F69B52A8-F077-47F8-B461-7857ECE81CEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3513009769-3479052054-1805371133-1000UA => C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FA79498B-BEBE-4012-A256-87C4CD244CA8} - System32\Tasks\{96C97D10-CE93-43A9-8CDB-B30EA96C23C8} => pcalua.exe -a C:\Users\Laurie\AppData\Local\PennyBee\pennybee\1.3.8.3\pennybee.exe -c /uninstl

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0eff1ec70f4ea.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3513009769-3479052054-1805371133-1000Core.job => C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3513009769-3479052054-1805371133-1000Core1d0f093d46e48c1.job => C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3513009769-3479052054-1805371133-1000UA.job => C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2007-01-15 08:52 - 2007-01-15 08:52 - 00022016 _____ () C:\WINDOWS\System32\cx21sl6.dll
2014-10-14 12:53 - 2011-04-10 21:26 - 00034304 _____ () C:\WINDOWS\System32\spep6l.dll
2014-10-06 14:19 - 2011-04-10 21:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2015-10-20 19:24 - 2015-03-11 18:43 - 00022528 _____ () C:\WINDOWS\System32\us003lm.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-20 19:24 - 2015-10-20 19:24 - 00143664 ____N () C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
2010-10-21 09:22 - 2010-10-21 09:22 - 00709632 _____ () C:\WINDOWS\system32\SnMinDrv.dll
2007-01-16 00:45 - 2014-07-19 00:08 - 00087552 ____N () C:\WINDOWS\system32\SSDEVM64.DLL
2016-01-22 17:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-22 17:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-22 17:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-22 17:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-22 17:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-07-31 21:30 - 2012-06-25 23:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
AlternateDataStreams: C:\Users\Laurie\Desktop\Recovery Session File # Mon, 08-Dec-2014[14 6 7].rrs4:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Downloads\Finance:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\.DESIGN BUSINESS:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\.SPECTRUM CABINETRY:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\2015 test MUSICMACHINE-HP.speccy:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\2020 downloads:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Adobe:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\ARIZONA San Simeon Condo:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\BALMORAL:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Banking:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\BSF:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Business:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\cache:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\CARDS:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Church:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\COMPUTER:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Default.rdp:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Downloads - Shortcut.lnk:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\FAMILY:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\GARDEN:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\HEALTH:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\HOUSEHOLD INFO:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\KEEPERS emails worth saving and passing on:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\KEKULI BAY CABINETRY:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\MASTER COMPOSTER:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Matt's Documents:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\MINISTRY:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\MK:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\my OUTLOOK:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\PHOTOS:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Printshop Projects:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\RECIPES:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Rick's Words:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\SEWING:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Sony PMB:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\TAXES:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\WillExpert:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\WORK SEARCH:com.dropbox.attributes
AlternateDataStreams: C:\Users\Laurie\Dropbox\Documents\Youcam:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99320692.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99320692.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2016-01-11 22:01 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Laurie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1 - 64.59.174.84
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "20-20 Shortcut Bar.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "STO Backup Service"
HKLM\...\StartupApproved\Run32: => "STO Launcher Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "F.lux"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "SansaDispatch"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E76C975296F20119B357F0CF28EB7223"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3513009769-3479052054-1805371133-1000\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FA927B43-A01E-4B6B-AF9D-71B1CBCC5714}] => (Allow) LPort=4040
FirewallRules: [{6626CAB2-62BB-46B4-8FAE-59910BB61C55}] => (Allow) C:\Program Files (x86)\20-20 Technologies\Design\Bin\System\design.exe
FirewallRules: [{6880FC73-05BF-44E7-AF53-0756DDA7E0FD}] => (Block) C:\program files (x86)\20-20 technologies\2020design\mswin\60\design.exe
FirewallRules: [{64BE2DAB-8EDE-41CC-B247-2BDEA16A547F}] => (Block) C:\program files (x86)\20-20 technologies\2020design\mswin\60\design.exe
FirewallRules: [UDP Query User{B31F75F6-93E9-4D29-9BF5-661212D95EE1}C:\program files (x86)\20-20 technologies\2020design\mswin\60\design.exe] => (Allow) C:\program files (x86)\20-20 technologies\2020design\mswin\60\design.exe
FirewallRules: [TCP Query User{230F8F47-B95B-4377-8D95-78B060B276D7}C:\program files (x86)\20-20 technologies\2020design\mswin\60\design.exe] => (Allow) C:\program files (x86)\20-20 technologies\2020design\mswin\60\design.exe
FirewallRules: [{9173C926-22FE-4ABA-90D7-72589077E50F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A865346-F198-4857-83BD-52399738D242}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0494C8C8-8DBE-4C80-82A0-EAE6B3D824B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C65AA95-6631-465B-A8D1-D2B88EC52BF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6571EFF-E9B6-4107-B9C4-4C76D2DC8FF2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{3B7526F3-766B-42EA-BE60-637C8BD55142}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{39AF9E4C-865C-4580-B54C-C7B151C3C914}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{DEFFA836-0285-43BC-879B-FECA0CAE134E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{C3307940-2390-475B-816A-3A857958C6A1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{729104D1-A9B0-4F12-991E-1A06237C777E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{98EF29EB-BDDA-4780-A8D7-CB5D9D81BA94}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{41CE897A-1E29-47ED-BCA3-1E93174BE28B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{15E14039-6E88-4BA5-B948-B64F6A7ED312}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{C33F6FD3-9B0E-437D-BD39-501FED1A0F16}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{35238BC7-34A3-47FC-8BCB-83092FF7E144}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2 PCL6\PrinterSelector\SUPDApp.exe
FirewallRules: [{C15CBBE7-434D-4578-B6D1-BCD123BE6DE3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{277E8B29-B0E7-4670-AA22-8067F4B199A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B2E39B7-0DF8-4010-A56C-AB08369FABD8}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{35AEA1E6-6B90-4D73-B474-1D8A4AD79BBE}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{827950B8-CEDD-4177-B849-87953E8DF80A}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{5BEF62B5-25E8-4198-9A8E-3179F60D13D3}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{AF40BE35-14AD-402C-904F-856EE601829C}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{21B3AC95-0544-416E-888C-9B2B5404BBE1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{11BFFE24-3808-4ADA-B072-50CDB8B550A4}] => (Allow) LPort=2869
FirewallRules: [{B04A9F87-0061-4222-8AE0-33598DCB870D}] => (Allow) LPort=1900
FirewallRules: [{24757580-9D66-4D52-AE2F-7E3C332361BC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{49AF1855-2EAE-43E3-B061-9D858EEB2B23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4F4F6E8-469D-4C14-944A-0C3F2168E6FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72BE2FFD-DB92-4139-8921-C0BE373DE54A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{01C43767-4C03-4D6E-9904-EC8D089972A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE58872C-21BA-436C-A7EC-4900DAFD8892}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe
FirewallRules: [{7291D450-5FA4-4AEE-AB7F-AD5E0E9511C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F6D68E07-F582-4DBB-8C58-96382AFD6747}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0600E11-42FF-4A11-81DE-181B8B4E1829}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{68768AA7-857A-4614-A8E2-C476CF177981}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{82EC5E73-1B2B-4EE9-986F-371134A8CF47}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2016 11:41:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cf0

Start Time: 01d15679e34d3933

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: d151ee3b-c26d-11e5-8099-101f74e58823

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/23/2016 11:11:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8fc

Start Time: 01d15675acea6774

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: a06cab6d-c269-11e5-8099-101f74e58823

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/23/2016 10:41:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 314

Start Time: 01d156717c0aaade

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6f839ed3-c265-11e5-8099-101f74e58823

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/23/2016 10:23:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13ac

Start Time: 01d1566f9416b4e5

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: ed238c1e-c262-11e5-8099-101f74e58823

Faulting package full name:

Faulting package-relative application ID:

Error: (01/23/2016 10:22:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 474

Start Time: 01d1566f6d11df4d

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: cc33bae9-c262-11e5-8099-101f74e58823

Faulting package full name:

Faulting package-relative application ID:

Error: (01/23/2016 10:06:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 874

Start Time: 01d1566cb6e6076a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: aa4ae717-c260-11e5-8098-101f74e58823

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/23/2016 10:03:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/23/2016 09:59:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_adisk†“_tcp.local.†“.â€

Error: (01/23/2016 09:59:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: AppendDNSNameString: Illegal empty label in name "."

Error: (01/23/2016 09:59:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_afpovertcp†“_tcp.local.†“.â€


System errors:
=============
Error: (01/24/2016 09:35:26 AM) (Source: hpdskflt) (EventID: 1001) (User: )
Description:

Error: (01/24/2016 06:57:49 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (01/24/2016 06:51:22 AM) (Source: DCOM) (EventID: 10010) (User: MusicMachine-HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/23/2016 10:33:28 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OFFICE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5718232C-D574-42DD-B60F-C96267CD520C}.
The master browser is stopping or an election is being forced.

Error: (01/23/2016 10:21:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel64 service failed to start due to the following error:
%%20

Error: (01/23/2016 10:20:30 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (01/23/2016 10:21:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:14:37 PM on ‎1/‎23/‎2016 was unexpected.

Error: (01/23/2016 09:57:26 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer OFFICE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5718232C-D574-42DD-B60F-C96267CD520C}.
The master browser is stopping or an election is being forced.

Error: (01/23/2016 09:50:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (01/23/2016 09:50:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.


CodeIntegrity:
===================================
  Date: 2016-01-24 10:20:18.373
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 10:20:18.169
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 10:20:16.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 10:20:16.513
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 09:40:30.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 09:40:30.478
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 08:36:31.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 08:36:31.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 00:06:19.735
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-24 00:06:19.469
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 6091.86 MB
Available physical RAM: 3625.28 MB
Total Virtual: 7115.86 MB
Available Virtual: 4445.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:672.81 GB) (Free:305.84 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.66 GB) (Free:2.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
Drive g: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: F19F071B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=672.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ================


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP

I need your FRST.txt log.  The Addition.txt is what you posted.  It shows a lot of suspicious tasks which is probably how it keeps coming back.  Also please uninstall Spybot S&D and have it remove any immunization that it did.  Makes it hard to work on and some of the things it does actually slow the PC down a lot.

 

.


  • 0

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP

I've created a fixlist just from the addition.txt.  Might as well go ahead and run it after you uninstall Spybot.  This will give us a new FRST and a new Addition file so no need to dig up the other one.

 

Download the attached fixlist.txt to the same location as FRST
 
[attachment=80105:fixlist.txt]
 
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Also Download aswmbr.exe
 
to your desktop.
Right click aswMBR.exe and Run As Administrator.
uncheck trace disk IO calls
Click the "Scan" button to start scan (allow the Avast engine download)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
 
 
 

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP