TechSpot

Avast acting funny?

By megabomination
Oct 3, 2016
  1. Hi. My Avast is telling me to upgrade and I'm not protected. I upgraded to the paid version in March this year!
    Also PC is occasionally freezing etc...
    Thought it might be time for a checkup :)
    .........................................................................................................................................................
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2016
    Ran by Adam (administrator) on ADAMS-PC (03-10-2016 20:41:30)
    Running from C:\Users\Adam\Downloads
    Loaded Profiles: Adam (Available Profiles: Adam & DefaultAppPool)
    Platform: Microsoft Windows 10 Home Version 1511 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    () C:\Windows\System32\PnkBstrA.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    () C:\Windows\System\HsMgr.exe
    (Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
    HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\system\HsMgr.exe [200704 2008-07-11] ()
    HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
    HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-17] (NVIDIA Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
    HKLM\...\RunOnce: [20160527] => "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" "C:\Program Files\AVAST Software\Avast\2972b27a-874d-4dc1-a1e7-04e533d2c67c\b6107de0-7c50-464a-86aa-b07a0f05b983.dll",_stage2@16
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll [2014-09-01] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll [2014-09-01] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll [2014-09-01] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-08] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\..\Interfaces\{2b7d07f6-2ace-47c5-ad69-08776f846962}: [DhcpNameServer] 192.168.9.1 192.168.9.1
    Tcpip\..\Interfaces\{2be4de89-e698-4d4c-996b-95198005e152}: [DhcpNameServer] 192.168.9.1 192.168.9.1
    Tcpip\..\Interfaces\{31bc7a36-69ee-4cbf-908b-c0395abd1e64}: [DhcpNameServer] 192.168.9.1 192.168.9.1
    Tcpip\..\Interfaces\{469c7788-1a20-4c51-b3c4-c6077cf2e005}: [DhcpNameServer] 192.168.9.1 192.168.9.1
    Tcpip\..\Interfaces\{B13F0638-6983-4BEC-9C9B-7AA35F8F669D}: [DhcpNameServer] 192.168.9.1 192.168.9.1
    Tcpip\..\Interfaces\{f6afbb26-6cd1-43f7-8fef-f01ba76a9087}: [NameServer] 10.143.147.147,10.143.147.148

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2631302871-3897047704-381176597-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2631302871-3897047704-381176597-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.techspot.com/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-12] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-12] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Adam\AppData\Roaming\TomTom\HOME\Profiles\k6hrp8c9.default [2015-06-06]
    FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-06-06] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-03]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-03]
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-12] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-12] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2631302871-3897047704-381176597-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-04-15] ()

    Chrome:
    =======
    CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default [2016-10-03]
    CHR Extension: (Google Docs) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-12]
    CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
    CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
    CHR Extension: (Google Docs Offline) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (Avast Online Security) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR Extension: (Chrome Media Router) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-08]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-08] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-08] (AVAST Software)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [922744 2015-12-17] (NVIDIA Corporation)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-17] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6443128 2015-12-17] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5119096 2015-12-17] (NVIDIA Corporation)
    R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-17] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-10-03] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-10-03] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-10-03] (AVAST Software)
    R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [338936 2016-10-03] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-10-03] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-10-03] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-10-03] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-10-03] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-10-03] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-10-03] (AVAST Software)
    R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [1762304 2011-12-20] (C-Media Inc)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-03] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
    R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18552 2015-12-17] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [44840 2015-12-17] (NVIDIA Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2014-02-23] (Sonic Solutions) [File not signed]
    U1 staport; C:\WINDOWS\system32\Drivers\staport.sys [39832 2016-09-02] ()
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
    R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [250368 2015-10-30] (Microsoft Corporation)
    R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-03 20:41 - 2016-10-03 20:42 - 00015353 _____ C:\Users\Adam\Downloads\FRST.txt
    2016-10-03 20:40 - 2016-10-03 20:41 - 00000000 ____D C:\FRST
    2016-10-03 20:38 - 2016-10-03 20:40 - 01754624 _____ (Farbar) C:\Users\Adam\Downloads\FRST.exe
    2016-10-03 19:59 - 2016-10-03 19:59 - 00039832 _____ () C:\WINDOWS\system32\Drivers\staport.sys.147548514864002
    2016-10-03 19:58 - 2016-10-03 19:58 - 00921280 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
    2016-10-03 19:58 - 2016-10-03 19:58 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-10-03 19:58 - 2016-10-03 19:58 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-10-03 19:58 - 2016-08-06 16:33 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB684.tmp
    2016-10-03 19:58 - 2016-03-10 18:58 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB4C8.tmp
    2016-10-03 19:58 - 2016-03-10 18:58 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB5A6.tmp
    2016-10-03 19:58 - 2016-03-08 19:11 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB683.tmp
    2016-10-03 19:58 - 2016-03-08 19:11 - 00356640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAF87.tmp
    2016-10-03 19:58 - 2016-03-08 19:10 - 00127432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB685.tmp
    2016-10-03 19:58 - 2016-03-08 19:10 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB594.tmp
    2016-10-03 19:58 - 2016-03-08 19:10 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB5A7.tmp
    2016-10-03 19:58 - 2016-03-08 19:10 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB10E.tmp
    2016-10-03 19:58 - 2016-03-08 19:10 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB5A5.tmp
    2016-10-03 19:51 - 2016-08-06 16:33 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC14.tmp
    2016-10-03 19:51 - 2016-03-10 18:58 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswABEF.tmp
    2016-10-03 19:51 - 2016-03-10 18:58 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC01.tmp
    2016-10-03 19:51 - 2016-03-08 19:11 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC13.tmp
    2016-10-03 19:51 - 2016-03-08 19:11 - 00356640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswABED.tmp
    2016-10-03 19:51 - 2016-03-08 19:10 - 00127432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC15.tmp
    2016-10-03 19:51 - 2016-03-08 19:10 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswABFF.tmp
    2016-10-03 19:51 - 2016-03-08 19:10 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC12.tmp
    2016-10-03 19:51 - 2016-03-08 19:10 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswABEE.tmp
    2016-10-03 19:51 - 2016-03-08 19:10 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC00.tmp
    2016-10-03 19:50 - 2016-10-03 19:50 - 00346193 _____ C:\unp305472831129653052.mdmp
    2016-10-03 19:50 - 2016-10-03 19:50 - 00341774 _____ C:\unp30547283752692329.mdmp
    2016-10-03 19:50 - 2016-08-06 16:33 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF259.tmp
    2016-10-03 19:50 - 2016-03-10 18:58 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF243.tmp
    2016-10-03 19:50 - 2016-03-10 18:58 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF256.tmp
    2016-10-03 19:50 - 2016-03-08 19:11 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF258.tmp
    2016-10-03 19:50 - 2016-03-08 19:11 - 00356640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF241.tmp
    2016-10-03 19:50 - 2016-03-08 19:10 - 00127432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF26A.tmp
    2016-10-03 19:50 - 2016-03-08 19:10 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF244.tmp
    2016-10-03 19:50 - 2016-03-08 19:10 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF257.tmp
    2016-10-03 19:50 - 2016-03-08 19:10 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF242.tmp
    2016-10-03 19:50 - 2016-03-08 19:10 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF255.tmp
    2016-10-03 19:49 - 2016-10-03 19:49 - 00319370 _____ C:\unp3054728359175106.mdmp
    2016-10-03 19:49 - 2016-08-06 16:33 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9E1.tmp
    2016-10-03 19:49 - 2016-03-10 18:58 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9CC.tmp
    2016-10-03 19:49 - 2016-03-10 18:58 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9DE.tmp
    2016-10-03 19:49 - 2016-03-08 19:11 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9E0.tmp
    2016-10-03 19:49 - 2016-03-08 19:11 - 00356640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9CA.tmp
    2016-10-03 19:49 - 2016-03-08 19:10 - 00129144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngv5ADC.tmp
    2016-10-03 19:49 - 2016-03-08 19:10 - 00127432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9F2.tmp
    2016-10-03 19:49 - 2016-03-08 19:10 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9CD.tmp
    2016-10-03 19:49 - 2016-03-08 19:10 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9DF.tmp
    2016-10-03 19:49 - 2016-03-08 19:10 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9CB.tmp
    2016-10-03 19:49 - 2016-03-08 19:10 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9DD.tmp
    2016-09-22 23:03 - 2016-09-22 23:03 - 00015356 _____ C:\Users\Adam\Desktop\Fare-Rules.pdf
    2016-09-22 23:03 - 2016-09-22 23:03 - 00013657 _____ C:\Users\Adam\Desktop\Itinerary.pdf
    2016-09-22 23:03 - 2016-09-22 23:03 - 00007029 _____ C:\Users\Adam\Desktop\Tax-Invoice.pdf
    2016-09-22 20:55 - 2016-09-22 20:55 - 00259429 _____ C:\Users\Adam\Downloads\General Terms and Conditions of Business of cleverbridge AG.pdf
    2016-09-22 20:55 - 2016-09-22 20:55 - 00082924 _____ C:\Users\Adam\Downloads\AKD-73650121483.pdf
    2016-09-22 20:55 - 2016-09-22 20:55 - 00082835 _____ C:\Users\Adam\Downloads\98231181.pdf
    2016-09-22 20:54 - 2016-09-22 20:54 - 14659584 _____ (Malwarebytes ) C:\Users\Adam\Downloads\mbam-setup-web.NT-2.2.1.1043.exe.32140lr.partial
    2016-09-18 10:52 - 2016-09-18 10:52 - 09858135 _____ C:\Users\Adam\Desktop\Champion_Spark_Plugs_Catalogue_2010(V1s).PDF
    2016-09-15 23:08 - 2014-02-21 20:32 - 1089143563 _____ C:\Users\Adam\Desktop\PPRO_2.0_Ret-NH_UE.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-03 20:25 - 2015-06-11 19:37 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-10-03 20:21 - 2015-10-30 16:39 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-10-03 20:02 - 2015-01-24 13:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-10-03 19:59 - 2014-02-16 14:20 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2016-10-03 19:59 - 2014-02-16 14:20 - 00433768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2016-10-03 19:58 - 2016-03-08 19:11 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2016-10-03 19:58 - 2014-05-17 17:46 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-10-03 19:58 - 2014-02-16 14:20 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2016-10-03 19:58 - 2014-02-16 14:20 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2016-10-03 19:58 - 2014-02-16 14:20 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2016-10-03 19:58 - 2014-02-16 14:20 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2016-10-03 19:58 - 2014-02-16 14:20 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-10-03 19:57 - 2016-03-08 19:11 - 00338936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
    2016-10-03 19:53 - 2016-02-01 20:22 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-10-03 19:53 - 2015-10-30 16:47 - 00000000 ____D C:\WINDOWS\INF
    2016-10-03 19:51 - 2016-04-27 20:53 - 00002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
    2016-10-03 19:51 - 2016-03-08 19:11 - 00002085 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
    2016-10-03 19:51 - 2015-10-30 16:13 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-10-03 19:47 - 2016-02-01 20:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-10-03 19:47 - 2016-02-01 20:22 - 00000000 ____D C:\Users\Adam
    2016-10-03 19:47 - 2014-03-07 06:32 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-03 19:46 - 2014-03-07 06:32 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-17 18:47 - 2014-03-07 06:33 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-09-16 19:50 - 2015-06-06 16:26 - 00000000 ____D C:\Users\Adam\Documents\TomTom
    2016-09-16 00:24 - 2016-02-05 19:24 - 00000000 ____D C:\WINDOWS\Minidump
    2016-09-11 17:58 - 2014-03-27 17:11 - 00000000 ____D C:\Users\Adam\Documents\Reciepts
    2016-09-07 12:00 - 2015-10-30 16:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-09-07 12:00 - 2015-10-30 16:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2016-07-16 00:17 - 2016-07-16 00:17 - 0018115 _____ () C:\Users\Adam\AppData\Roaming\UserTile.png
    2014-05-29 19:45 - 2014-05-29 19:46 - 0007612 _____ () C:\Users\Adam\AppData\Local\resmon.resmoncfg
    2015-08-09 02:10 - 2015-08-09 02:10 - 0000000 _____ () C:\Users\Adam\AppData\Local\{F7AFF22D-F8D3-457D-A170-F72C6116EF10}

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-09-30 21:01

    ==================== End of FRST.txt ============================
     
  2. megabomination


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2016
    Ran by Adam (03-10-2016 20:43:06)
    Running from C:\Users\Adam\Downloads
    Microsoft Windows 10 Home Version 1511 (X86) (2016-02-01 09:37:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Adam (S-1-5-21-2631302871-3897047704-381176597-1000 - Administrator - Enabled) => C:\Users\Adam
    Administrator (S-1-5-21-2631302871-3897047704-381176597-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2631302871-3897047704-381176597-503 - Limited - Disabled)
    Guest (S-1-5-21-2631302871-3897047704-381176597-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
    Adobe Premiere Pro 2.0 (HKLM\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
    ASUS Xonar DGX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
    Avast Internet Security (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
    Canon MP220 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series) (Version: - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
    Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Enemy Front (HKLM\...\Steam App 256190) (Version: - CI Games)
    Far Cry 2 (HKLM\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft)
    Far Cry 3 (HKLM\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
    Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
    Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MediaImpression 3.0 for PENTAX (HKLM\...\{C0A25D74-1A95-40ED-AA67-E6F21D9C8A38}) (Version: 3.0.1.60 - ArcSoft)
    Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2631302871-3897047704-381176597-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OpenAL (HKLM\...\OpenAL) (Version: - )
    PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Raptr (HKLM\...\Raptr) (Version: - )
    SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
    ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
    SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
    SketchUp 2014 (HKLM\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
    Steam (HKLM\...\Steam) (Version: - Valve Corporation)
    TomTom HOME (HKLM\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2631302871-3897047704-381176597-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
    CustomCLSID: HKU\S-1-5-21-2631302871-3897047704-381176597-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Adam\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe => N (the data entry has 6 more characters).

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {045E8745-A914-4135-9150-0C5A29E87AD0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {0A5B65EE-0672-458D-906A-ED41C55FA2EE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {19DAE450-AAD4-41BF-A358-6FB791AE1177} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {1DCB3B19-BF46-41FC-BD9A-0570BAD0BE76} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {1ECA7BA2-BDB9-4E66-AED4-2EF4CC9B57FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-21] (Piriform Ltd)
    Task: {2B55059F-7B9C-495E-B421-21CDF9311817} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {2EC7F16A-1A5F-4752-BC20-0D5D8EC7AE16} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {30E76DEE-8B85-4C81-8D1C-3638F0983F37} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe
    Task: {3D0F7824-1822-4F8D-BFB4-A2BAFF017159} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {42535287-DE74-4EC2-B17A-C5ED96E1953A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-20] (Adobe Systems Incorporated)
    Task: {493A917E-5D69-4E67-8DB4-574BDEA39B0B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {5A0081A0-6157-40E5-85E8-77E0D1031248} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {5D56B3B4-2086-4307-8B11-E78A577CBCE6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6213202F-0A71-46A8-9850-5BAAC8F9769A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6F4A231B-4997-4287-B5F7-3F0792E362AE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {6F95BA03-F70C-4197-B948-A9A8C48B55A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {77784716-E94F-4EBB-B64F-513120E26646} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {8062FA1B-21FD-43D3-B410-58AE0E9B36EA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {838E6E58-E167-4AC7-B5A7-C92853E316B5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8A58758C-EC1F-4031-B418-42735ED8244A} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
    Task: {8AE27006-FF96-45FD-AF8C-9403088A71B6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {8F069FF9-0512-4B90-BE27-B9E2E07C93F1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {8F30A811-1124-4D6B-941C-80F950B0A1BA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8F9F5BB7-89B7-46DC-AAE9-B5A380AA76B4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {97F10F56-B25C-4246-A2C3-F337CF8C8FDB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9DCFF7BA-8915-4274-9154-72D3355E9BF7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {9EF98230-445A-4186-B17A-6EA32FF96351} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {A563153E-56AA-4663-8574-448A6BE15B96} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {A618683F-C0FB-400D-9C4C-7CAF36745CED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {AD0CE558-A1A6-4BA5-9435-AFC42EE271D6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {AFFC971A-6B90-45E6-9426-2FC7E10C874D} - System32\Tasks\SafeZone scheduled Autoupdate 1457755618 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
    Task: {B055412A-1C77-415B-AD29-D4844814815F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
    Task: {BC557CC5-6FBD-4D80-9A05-5E98DB8A2E88} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
    Task: {BE9A5ADB-3F0F-4915-9B09-15F249BC2F86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {CC23E9B7-BEA1-4A0A-AE90-0098D7EBA64F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D0C81A6A-65B5-46E4-8BEA-A9C5F8A55E6D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D8B673BF-9B0B-47D2-8929-E9987E309FF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {E023208C-1866-423D-B7E0-5E07ED3E2230} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E20267C8-C094-4585-B32B-C672B68257A7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E7ACB125-C4CB-40C0-9E45-B89F0751439E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F1ED72D4-50FE-4F66-B41E-689B09B2489C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F2D2D799-C0C7-4AE8-9E78-1D7F862C1988} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F8EAEC78-0609-4011-A808-C563C9428E54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 16:44 - 2015-10-30 16:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-02-01 20:19 - 2015-12-17 01:36 - 00114480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2016-03-08 19:10 - 2016-03-08 19:10 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-03-08 19:10 - 2016-03-08 19:10 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2014-05-17 18:18 - 2014-05-17 18:18 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
    2016-01-27 22:31 - 2015-12-17 04:15 - 00164984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2015-10-30 16:44 - 2015-10-30 16:44 - 01858424 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-30 16:45 - 2015-10-30 17:57 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-10-30 18:00 - 2015-10-30 18:00 - 00044032 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-10-30 18:00 - 2015-10-30 18:00 - 00151040 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2015-10-30 18:00 - 2015-10-30 18:00 - 18818048 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2015-10-30 18:00 - 2015-10-30 18:00 - 02884096 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
    2015-10-30 18:00 - 2015-10-30 18:00 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
    2015-10-30 16:44 - 2015-10-30 16:44 - 01858424 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-27 22:31 - 2015-12-17 04:15 - 00011896 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
    2015-10-30 16:44 - 2015-10-30 16:44 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-10-30 16:44 - 2015-10-30 16:44 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-10-30 16:45 - 2015-10-30 17:57 - 05352960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-10-30 16:45 - 2015-10-30 17:57 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-30 16:45 - 2015-10-30 17:57 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-03-08 19:10 - 2016-03-08 19:10 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-04-15 18:42 - 2016-04-15 18:42 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2014-05-12 20:28 - 2008-07-11 18:04 - 00200704 _____ () C:\Windows\System\HsMgr.exe
    2016-09-17 18:47 - 2016-09-14 11:38 - 01806152 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
    2016-09-17 18:47 - 2016-09-14 11:38 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.116\libegl.dll
    2016-09-18 10:36 - 2016-09-12 18:48 - 17754304 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2631302871-3897047704-381176597-1000\...\amazon.com -> hxxps://amazon.com
    IE trusted site: HKU\S-1-5-21-2631302871-3897047704-381176597-1000\...\commbank.com.au -> hxxps://www1.my.commbank.com.au

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 13:04 - 2014-11-23 16:29 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2631302871-3897047704-381176597-1000\Control Panel\Desktop\\Wallpaper -> c:\users\adam\pictures\wallpapers\jade-tower-34.jpg
    DNS Servers: 10.143.147.147 - 10.143.147.148
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: lfsvc => 3
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    MSCONFIG\startupreg: Cmaudio8788 => RunDll32 cmicnfgp.cpl,CMICtrlWnd
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: Raptr => "C:\Program Files\Raptr\raptrstub.exe" --startup
    MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
    FirewallRules: [{E82FA548-E4EB-4DCE-B31E-8936C8FB9F44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{AF0C0244-66EB-49EC-81B3-4626AD7A2044}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{DA3580D5-2A54-46BC-B555-8725DC70C5C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{8316EA57-4D9B-4ECB-A418-FAEA8429723B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{2C5A5ED7-F3D7-4AB7-ADA5-75E2E815CC14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{2A1CCE87-D488-4FD5-AF55-ACD6FB55C1F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{55319FDD-799E-4ABA-BE89-9C01454C85E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{AC9D5BDF-8F4B-4525-A801-E5520B5EBE23}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{7604A4CC-673D-4854-899A-C56590EC0259}] => (Allow) C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{BF3ACAE0-5200-4595-8CEE-AF28D7D9FF57}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{698243A3-FF7D-44E9-A27A-DD3147D0EAC4}] => (Allow) LPort=2869
    FirewallRules: [{4B935912-A969-4852-968A-23F6C35925CA}] => (Allow) LPort=1900
    FirewallRules: [{FD922B74-0986-4BAC-AA4C-57B7566AF8E6}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{60115F76-4919-4927-B29C-3E2D8183DBD3}] => (Allow) C:\Windows\System32\PnkBstrA.exe
    FirewallRules: [{C5395171-9FBA-4147-AA1B-FD8E140BE2FB}] => (Allow) C:\Windows\System32\PnkBstrA.exe
    FirewallRules: [{E68569B0-7B15-45FB-A051-909E7BC1F511}] => (Allow) C:\Windows\System32\PnkBstrB.exe
    FirewallRules: [{E3DA4D0D-73CA-425A-9C32-8976484D53EE}] => (Allow) C:\Windows\System32\PnkBstrB.exe
    FirewallRules: [{2CE6D5D5-BA1C-4662-AB9A-F8C115D32C08}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\farcry3.exe
    FirewallRules: [{040C5DC5-64BE-424A-A481-0A72EEE7245B}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\farcry3.exe
    FirewallRules: [{4AF67D88-1577-4183-8CA5-2A55720ED503}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
    FirewallRules: [{C959B0B9-266C-4B4E-BDD7-F29D28F01972}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
    FirewallRules: [{B75E95CD-415B-4605-9567-5FE67F75AF34}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\FC3Updater.exe
    FirewallRules: [{F8DE2E3F-09AE-4EF6-ABE3-AD101BD03FD7}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\FC3Updater.exe
    FirewallRules: [{06529E51-B0F7-4CDA-8B28-52ABB970950B}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\FC3Editor.exe
    FirewallRules: [{3F8C42C9-5435-4791-AFA0-710E4DCE3C97}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\FC3Editor.exe
    FirewallRules: [{FC687A96-83F7-47EB-A5A7-908E95597B00}] => (Allow) C:\Program Files\Steam\Steam.exe
    FirewallRules: [{E2F63006-73EC-4187-916C-D9308608D4EC}] => (Allow) C:\Program Files\Steam\Steam.exe
    FirewallRules: [{CBF44472-C285-4ACD-AAEB-8A765740443F}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [{DB90B509-4FD6-488D-859A-AE91B2CA6DA6}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
    FirewallRules: [{4CF238BA-9ADE-4751-B1D6-D3D164275E27}] => (Allow) C:\Program Files\Steam\steamapps\common\Enemy Front\Bin32\EnemyFront.exe
    FirewallRules: [{7C51341B-1454-4060-BB58-7C562CA45316}] => (Allow) C:\Program Files\Steam\steamapps\common\Enemy Front\Bin32\EnemyFront.exe
    FirewallRules: [{5882E126-E53C-45FD-B18E-BBE90492C63B}] => (Allow) C:\Program Files\Steam\steamapps\common\Enemy Front\Bin32\DedicatedServer.exe
    FirewallRules: [{9B658298-504E-4D95-B805-E743C0B377D8}] => (Allow) C:\Program Files\Steam\steamapps\common\Enemy Front\Bin32\DedicatedServer.exe
    FirewallRules: [{0798529E-7477-473A-A5B8-D8C9FA3B2B22}] => (Allow) C:\Program Files\Raptr\raptr.exe
    FirewallRules: [{DFC111D5-BD6E-41AD-99B1-8DFA289950EE}] => (Allow) C:\Program Files\Raptr\raptr.exe
    FirewallRules: [{2C7780C7-91EB-4DF8-A16C-DFBC99AAAFA8}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
    FirewallRules: [{FF606223-58A2-4EF3-8A3F-442B2AF1FB2B}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
    FirewallRules: [{DA330B16-A211-4607-B961-AF3554D46F1E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{62A3BF0A-70C3-41A1-A84F-102E052DA7DC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{31FC0008-8145-4F27-9328-374DF8603A82}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe
    FirewallRules: [{736E3FA5-A743-4923-BD2F-6086A2A5E9F7}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe
    FirewallRules: [{5FEC895C-D9DC-4209-820F-ADE3B7319016}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
    FirewallRules: [{C326D3EE-C4C2-4822-AB5D-9E14B00420F0}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
    FirewallRules: [{617C0613-4E04-471E-8F0D-236261002F89}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe
    FirewallRules: [{552BC820-B417-4266-B247-7BAC1384AB3F}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe
    FirewallRules: [{2620848B-5025-4440-B25E-A9438EC10F46}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    13-09-2016 22:26:34 Scheduled Checkpoint
    22-09-2016 20:38:42 Scheduled Checkpoint
    30-09-2016 21:08:33 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/03/2016 07:51:16 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2016 07:50:59 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\CrtCheck.exe".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23506.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2016 07:50:24 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2016 07:50:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\CrtCheck.exe".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23506.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2016 07:49:26 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2016 07:49:12 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\CrtCheck.exe".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23506.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2016 07:45:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Adams-PC)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (10/03/2016 07:45:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Adams-PC)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (10/03/2016 07:45:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Adams-PC)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (10/03/2016 07:45:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Adams-PC)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (10/03/2016 08:44:20 PM) (Source: DCOM) (EventID: 10016) (User: Adams-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Adams-PC\Adam SID (S-1-5-21-2631302871-3897047704-381176597-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/03/2016 08:44:20 PM) (Source: DCOM) (EventID: 10016) (User: Adams-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Adams-PC\Adam SID (S-1-5-21-2631302871-3897047704-381176597-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/03/2016 08:19:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Windows 10 Version 1511 (KB3152599).

    Error: (10/03/2016 07:59:10 PM) (Source: DCOM) (EventID: 10016) (User: Adams-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Adams-PC\Adam SID (S-1-5-21-2631302871-3897047704-381176597-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/03/2016 07:59:10 PM) (Source: DCOM) (EventID: 10016) (User: Adams-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Adams-PC\Adam SID (S-1-5-21-2631302871-3897047704-381176597-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/03/2016 07:59:10 PM) (Source: DCOM) (EventID: 10016) (User: Adams-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Adams-PC\Adam SID (S-1-5-21-2631302871-3897047704-381176597-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/03/2016 07:59:10 PM) (Source: DCOM) (EventID: 10016) (User: Adams-PC)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Adams-PC\Adam SID (S-1-5-21-2631302871-3897047704-381176597-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    Error: (10/03/2016 07:56:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.229.764.0).


    CodeIntegrity:
    ===================================
    Date: 2016-10-03 20:33:18.652
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-10-03 20:33:18.581
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-10-03 20:33:18.529
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-10-03 20:33:18.480
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-10-03 20:33:17.749
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-10-03 20:33:17.735
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-10-03 20:33:17.151
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-10-03 20:33:17.116
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-10-03 20:33:17.101
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-10-03 20:33:16.939
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
    Percentage of memory in use: 78%
    Total physical RAM: 3327.11 MB
    Available physical RAM: 700.68 MB
    Total Virtual: 6655.11 MB
    Available Virtual: 3245.95 MB

    ==================== Drives ================================

    Drive c: (Windows 7) (Fixed) (Total:465.31 GB) (Free:399.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 11AFA75F)
    Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    I don't see much there so far.
    First of all, did you try to reinstall Avast?
     
  4. megabomination

    megabomination TS Booster Topic Starter Posts: 151

    No. I'm worried I'll just have to pay for it again. And also an infection may take place during the uninstall period?
    I'll try it, yes?
     
  5. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You should have an email from Avast with your license.
    If not, since you paid for it, you can always activate it online just by providing your email address.
    You won't get infected if you're not going to do anything else but reinstall Avast.
    Go ahead.
     
  6. megabomination

    megabomination TS Booster Topic Starter Posts: 151

    Uninstalled, rebooted, tried to reinstall. I can't, as Windows is telling me this programme won't run on W10. I think I had W7 and then free upgraded to W10? I've contacted Avast with my problem. No response so far!?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    The Windows version shouldn't matter.
    Where did you get the installation file from?
     
Topic Status:
Not open for further replies.
