Yes, I am the only user.
Below are the 2 log files:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Mr. ERIK (administrator) on ACER (02-07-2017 12:03:54)
Running from C:\Users\Mr. ERIK\Downloads\Programs
Loaded Profiles: Mr. ERIK (Available Profiles: Mr. ERIK)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(OpenVPN Technologies) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.7.0.exe
(OpenVPN Technologies) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.7.0.exe
(OpenVPN Technologies) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.7.0.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\QueryAppBlock.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-07-01] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-16] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-03-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2011-11-29] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-05-03] (Tonec Inc.)
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [1277016 2017-03-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {29819bb1-b085-11e6-82bc-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {2e5b6634-ca29-11e5-8267-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {2e5b668e-ca29-11e5-8267-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {8e60fe2e-c87c-11e5-8265-346895914fd4} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-16] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{7134C6D0-31BD-448D-94FB-F2F2E8C8B206}: [NameServer] 10.9.0.1
Tcpip\..\Interfaces\{9EEFBD93-D88E-4C2F-9EC8-02A2D51DF6EC}: [NameServer] 172.18.13.1,172.18.11.1,172.18.12.1,8.8.8.8
Tcpip\..\Interfaces\{9EEFBD93-D88E-4C2F-9EC8-02A2D51DF6EC}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/vi-vn/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-10] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2015-01-15] (iTools.hk)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2015-01-15] (iTools.hk)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-24] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-02] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: rj8s4z3f.default
FF ProfilePath: C:\Users\Mr. ERIK\AppData\Roaming\Mozilla\Firefox\Profiles\rj8s4z3f.default [2017-07-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\rj8s4z3f.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\rj8s4z3f.default -> Google
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-15] [not signed]
FF HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr. ERIK\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Mr. ERIK\AppData\Roaming\IDM\idmmzcc5 [2017-07-02] [not signed]
FF HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr. ERIK\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-30] ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2015-01-15] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-30] ()
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2015-01-15] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-02] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default [2017-07-02]
CHR Extension: (Google Docs) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-28]
CHR Extension: (Google Drive) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (YouTube) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-28]
CHR Extension: (Google Search) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-03]
CHR Extension: (Avast SafePrice) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-02]
CHR Extension: (IDM Integration Module) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28]
CHR Extension: (Chrome Media Router) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKU\S-1-5-21-1449482339-140858233-3706602266-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-16] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-16] (AVAST Software)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-18] (Intel Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [949480 2016-08-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-16] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-16] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [83312 2016-09-16] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-16] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-18] (Intel Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2016-02-03] (MBB Technologies Co., Ltd.)
S3 ew_mbbusbdev; C:\Windows\system32\DRIVERS\ew_mbbusbdev.sys [115584 2016-02-03] (MBB Technologies Co., Ltd.)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-12] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-12] (Intel Corporation)
S3 mbbdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [121600 2016-02-03] (MBB Technologies Co., Ltd.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-11] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\neo_vpn.sys [30504 2016-07-15] (PureVPN)
R3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-20] (CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-02 12:00 - 2017-07-02 12:03 - 00000000 ____D C:\FRST
2017-07-01 19:05 - 2017-07-01 19:05 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-01 18:25 - 2017-05-16 15:29 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-01 13:17 - 2017-07-01 13:17 - 09543873 _____ C:\Users\Mr. ERIK\Downloads\archive.zip
2017-06-25 10:22 - 2017-07-01 16:12 - 00000000 ____D C:\Users\Mr. ERIK\Downloads\Skype Viet
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-02 12:04 - 2016-11-05 13:29 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\PrivateTunnel
2017-07-02 12:00 - 2015-01-15 14:58 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Roaming\IDM
2017-07-02 12:00 - 2015-01-15 14:16 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1449482339-140858233-3706602266-1003
2017-07-02 11:54 - 2015-01-15 14:48 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-02 11:54 - 2015-01-15 14:48 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-02 11:45 - 2013-08-22 22:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-02 11:45 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-02 11:38 - 2016-01-28 15:24 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-02 11:36 - 2015-01-15 15:29 - 00000000 ____D C:\Users\Mr. ERIK\Documents\Youcam
2017-07-02 11:35 - 2015-01-15 15:16 - 00003270 _____ C:\Windows\System32\Tasks\iToolsDaemon
2017-07-02 11:35 - 2015-01-15 15:16 - 00000334 _____ C:\Windows\Tasks\iToolsDaemon.job
2017-07-01 19:28 - 2015-01-15 14:58 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Roaming\DMCache
2017-07-01 19:24 - 2016-06-10 19:40 - 00003884 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465562444
2017-07-01 19:24 - 2016-06-10 19:40 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-01 19:04 - 2013-08-22 21:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-01 18:55 - 2013-08-22 20:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-01 18:54 - 2017-03-29 12:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-01 18:53 - 2015-01-15 15:04 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Roaming\Skype
2017-07-01 18:51 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\Inf
2017-07-01 18:36 - 2015-01-15 14:25 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\Microsoft Help
2017-07-01 18:28 - 2016-01-29 14:21 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-01 18:26 - 2017-02-09 11:47 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-01 18:20 - 2015-01-15 14:11 - 00000000 ____D C:\Users\Mr. ERIK
2017-07-01 18:19 - 2016-01-29 14:20 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-07-01 18:19 - 2015-01-15 16:42 - 00000000 ____D C:\ProgramData\Atheros
2017-07-01 18:19 - 2015-01-15 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-07-01 18:19 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\rescache
2017-07-01 18:19 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\system32\Sysprep
2017-07-01 18:08 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\WinStore
2017-07-01 18:08 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\registration
2017-07-01 18:07 - 2015-01-15 15:21 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\Mozilla
2017-07-01 18:07 - 2015-01-15 15:04 - 00000000 ____D C:\ProgramData\Skype
2017-07-01 18:07 - 2015-01-15 14:11 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\Packages
2017-07-01 18:07 - 2013-08-22 22:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-07-01 18:07 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\FileManager
2017-07-01 18:07 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\Camera
2017-07-01 18:05 - 2015-01-15 14:25 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-30 11:09 - 2016-02-08 09:56 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\CrashDumps
2017-06-07 10:40 - 2016-01-31 12:00 - 00009920 _____ C:\Users\Mr. ERIK\Documents\reislist b.xlsx
2017-06-04 12:15 - 2014-11-21 13:54 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-06-04 12:15 - 2014-11-21 13:54 - 00000000 ____D C:\Windows\system32\WCN
2017-06-04 09:08 - 2016-01-28 15:27 - 00003838 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1453969637
2017-06-04 09:08 - 2016-01-28 15:27 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
==================== Files in the root of some directories =======
2017-02-11 10:01 - 2016-11-23 20:37 - 0000570 _____ () C:\Users\Mr. ERIK\AppData\Local\TroubleshooterConfig.json
2015-01-15 15:56 - 2015-01-15 15:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-11 09:32
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Mr. ERIK (02-07-2017 12:06:19)
Running from C:\Users\Mr. ERIK\Downloads\Programs
Windows 8.1 Pro (Update) (X64) (2015-01-15 07:10:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1449482339-140858233-3706602266-500 - Administrator - Disabled)
Guest (S-1-5-21-1449482339-140858233-3706602266-501 - Limited - Disabled)
Mr. ERIK (S-1-5-21-1449482339-140858233-3706602266-1003 - Administrator - Enabled) => C:\Users\Mr. ERIK
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
ANT Dictionary 2011 PE (HKLM-x32\...\{4F303BB1-5B9B-47E5-8812-D5FE64D1C3D4}) (Version: 1.0.1 - ANT Magazine)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
BitTorrent (HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cambridge Advanced Learner's Dictionary - 3rd Edition (HKLM-x32\...\NSIS_cald3) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1129 - CyberLink Corp.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.12.5268 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTools 3 (HKLM-x32\...\ThinkSky) (Version: - Shenzhen Thinksky Technology Co., Ltd.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Khmer - NiDA Standard 1.0 (HKLM\...\{17CD3E4A-7328-44E5-A59F-5EBB8AD80FA6}) (Version: 1.0.3.40 - NiDA)
Khmer Dictionary 1.0 (HKLM-x32\...\{687FC5A5-8BAD-4601-B255-15B4D26A4997}) (Version: 1.0.0 - Buddhist Institute)
Khmer Unicode 2.0.1 (HKLM-x32\...\Khmer Unicode_is1) (Version: - )
Metfone 3G (HKLM-x32\...\Metfone 3G) (Version: 21.005.15.02.592 - Huawei Technologies Co.,Ltd)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
New Khmer Dictionary (HKLM-x32\...\New Khmer Dictionary) (Version: - )
Opera Stable 45.0.2552.888 (HKLM-x32\...\Opera 45.0.2552.888) (Version: 45.0.2552.888 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version: - )
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.7.0.10 - OpenVPN Technologies)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version: - IDM)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1449482339-140858233-3706602266-1003_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1DCDF100-90A7-4305-9436-0209094E327F} - \Optimize Start Menu Cache Files-S-1-5-21-1449482339-140858233-3706602266-1001 -> No File <==== ATTENTION
Task: {328D0866-417C-4E1A-8D24-FD2E57FD986C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-16] (AVAST Software)
Task: {4D92506D-CCB7-4B2F-AB6B-0F1914A027D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-30] (Adobe Systems Incorporated)
Task: {5A359349-2466-40AB-AB7C-445B182480D1} - \WPD\SqmUpload_S-1-5-21-1449482339-140858233-3706602266-1001 -> No File <==== ATTENTION
Task: {625771E4-7E57-4048-BFE7-D7CA2FD6044F} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2015-01-15] ()
Task: {89088A7D-1EE3-442B-A223-694E3CFA0A9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
Task: {8EBC9648-AC2C-45AF-9A2C-1F4901B33E49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd)
Task: {95BFA6DA-B0AF-4AD7-ADD9-359582496A17} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-02] (Microsoft Corporation)
Task: {AA6B8853-E976-442A-914C-6AF2D887B3CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
Task: {D509C9B4-F0E3-484F-852E-0B482D0A4E69} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {D5663965-F9BA-4D71-A1CF-6B3787379714} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {D98BA23A-7DA4-48AA-B0A1-DEBD53C763F3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-20] (AVAST Software)
Task: {DF435A0C-445C-484A-B080-6627089B2188} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {F5EF0043-1354-4B9A-9380-EF5DB82EEA3D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F8E1F50A-441B-4CFD-B83B-EB512BC6DDAD} - System32\Tasks\Opera scheduled Autoupdate 1453969637 => C:\Program Files (x86)\Opera\launcher.exe [2017-05-31] (Opera Software)
Task: {F9A09D9B-31A4-42BD-AEE4-538CDD12D90D} - System32\Tasks\SafeZone scheduled Autoupdate 1465562444 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2010-11-16 20:38 - 2010-11-16 20:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2016-08-30 00:31 - 2016-08-30 00:31 - 00949480 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2015-01-15 15:16 - 2015-01-15 15:16 - 00465784 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
2012-10-02 11:36 - 2012-10-02 11:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-26 13:14 - 2014-02-26 13:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 13:11 - 2014-02-26 13:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 13:17 - 2014-02-26 13:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-01-15 15:16 - 2015-01-15 15:16 - 00546168 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll
2015-01-15 15:16 - 2015-01-15 15:16 - 00267128 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll
2015-01-15 15:16 - 2015-01-15 15:16 - 00534392 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll
2015-01-15 15:16 - 2015-01-15 15:16 - 00548728 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll
2015-01-15 15:16 - 2015-01-15 15:16 - 00103288 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-16 15:28 - 2017-05-16 15:29 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-15 13:02 - 2016-06-15 13:02 - 38713856 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libcef.dll
2016-06-15 13:02 - 2016-06-15 13:02 - 00880128 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libglesv2.dll
2016-06-15 13:02 - 2016-06-15 13:02 - 00102400 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 20:25 - 2017-01-28 14:59 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.9.0.1 - 172.18.13.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5EC8A163-226A-477A-97EC-DDCAA1CBF0C8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BEAA0952-DCCA-407E-AC7F-95BCE2257A5D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{785A132B-BB62-4B73-8BFA-E63A902FE1C1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D5DBC1BE-D96F-467B-8955-D12D37E5DB45}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A48393B4-9D49-4B17-9B22-D8D2630150C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13.exe
FirewallRules: [{B4E26FAE-946E-4BD6-A7A3-28F74A2C091E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
FirewallRules: [{D8F5469F-AFBC-4081-9066-4ADC06D33D99}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
FirewallRules: [{3E86BE6A-1912-4822-A8B3-3F4E510DE11E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13ML.exe
FirewallRules: [{E753ECAD-8AC0-4155-8246-DF1DB3AD5489}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Movie\PowerDVD.exe
FirewallRules: [{D6DFFE4C-34A2-4744-A89D-F585FC3E7C60}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Movie\PowerDVD Cinema\PowerDVDCinema13.exe
FirewallRules: [{CA31BC63-7C85-46AD-925C-17A7C4535425}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3C779D1E-23F8-4EA1-8A76-793AD83CB8FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E83E378E-F4F7-49BF-BC5F-2275C62F8A3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B5540329-0872-4A51-905F-0E8542255FA6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{758D39DC-1F98-4BEC-A247-6416E6E3E931}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F8D8371-9FCA-4F3B-B33B-CE17D35B23AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{358F5387-21F2-4073-B801-09D8AE7EA8C8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8699FC5C-68A6-419E-844F-5D78DF834B2A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{78AE58E7-C1CE-40D5-88F7-7520CB42F245}] => (Allow) C:\Users\Mr. ERIK\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3C04A7A1-C459-4FCA-A565-1BCD836447C6}] => (Allow) C:\Users\Mr. ERIK\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C27242E9-F14C-493F-A68F-9A66538DABA9}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
FirewallRules: [{4C24D03C-8434-4952-A611-CAA206FB4DEA}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
FirewallRules: [{442A3773-6599-4120-BD46-425645352267}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{BA085FD4-5C0D-414E-88C4-B5DC2300A692}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607_0\SZBrowser.exe
FirewallRules: [{89C24CD7-557E-4137-B50E-EE8BCB9ED92D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
04-06-2017 12:10:56 Windows Update
01-07-2017 17:58:12 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/02/2017 11:55:15 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/02/2017 11:39:36 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/02/2017 11:39:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/02/2017 11:35:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error: (07/02/2017 11:35:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/01/2017 07:06:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/01/2017 07:06:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/01/2017 07:06:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07
Faulting module name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07
Exception code: 0xc0000409
Fault offset: 0x000000000004395b
Faulting process id: 0x7b8
Faulting application start time: 0x01d2f2622c42ce04
Faulting application path: C:\Program Files\Bonjour\mDNSResponder.exe
Faulting module path: C:\Program Files\Bonjour\mDNSResponder.exe
Report Id: b60fc2f4-5e55-11e7-82e4-346895914fd4
Faulting package full name:
Faulting package-relative application ID:
Error: (07/01/2017 07:05:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (07/01/2017 07:05:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
System errors:
=============
Error: (07/01/2017 07:28:08 PM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
Error: (07/01/2017 07:28:08 PM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
Error: (07/01/2017 07:06:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
Error: (07/01/2017 07:03:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 06:55:59 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/01/2017 06:53:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2016-01-29 14:02:47.641
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-29 14:02:47.023
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-29 14:02:45.648
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-29 14:02:45.021
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-29 14:02:44.084
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-29 14:02:43.491
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-29 14:02:42.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-29 14:02:41.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-29 14:02:41.328
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-29 14:02:40.545
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 59%
Total physical RAM: 1929.7 MB
Available physical RAM: 788.01 MB
Total Virtual: 2825.7 MB
Available Virtual: 1418.11 MB
==================== Drives ================================
Drive c: (WINDOWS 8.1) (Fixed) (Total:99.97 GB) (Free:66.64 GB) NTFS
Drive d: (Data) (Fixed) (Total:365.27 GB) (Free:357.55 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================