Inactive Avast acting funny?


megabomination

Hi. My Avast is telling me to upgrade and I'm not protected. I upgraded to the paid version in March this year!
Also, PC is occasionally freezing etc...
Thought it might be time for a checkup :)
.........................................................................................................................................................
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2016
Ran by Adam (administrator) on ADAMS-PC (03-10-2016 20:41:30)
Running from C:\Users\Adam\Downloads
Loaded Profiles: Adam (Available Profiles: Adam & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Windows\System\HsMgr.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\system\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-17] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\RunOnce: [20160527] => "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" "C:\Program Files\AVAST Software\Avast\2972b27a-874d-4dc1-a1e7-04e533d2c67c\b6107de0-7c50-464a-86aa-b07a0f05b983.dll",_stage2@16
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll [2014-09-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll [2014-09-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll [2014-09-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{2b7d07f6-2ace-47c5-ad69-08776f846962}: [DhcpNameServer] 192.168.9.1 192.168.9.1
Tcpip\..\Interfaces\{2be4de89-e698-4d4c-996b-95198005e152}: [DhcpNameServer] 192.168.9.1 192.168.9.1
Tcpip\..\Interfaces\{31bc7a36-69ee-4cbf-908b-c0395abd1e64}: [DhcpNameServer] 192.168.9.1 192.168.9.1
Tcpip\..\Interfaces\{469c7788-1a20-4c51-b3c4-c6077cf2e005}: [DhcpNameServer] 192.168.9.1 192.168.9.1
Tcpip\..\Interfaces\{B13F0638-6983-4BEC-9C9B-7AA35F8F669D}: [DhcpNameServer] 192.168.9.1 192.168.9.1
Tcpip\..\Interfaces\{f6afbb26-6cd1-43f7-8fef-f01ba76a9087}: [NameServer] 10.143.147.147,10.143.147.148

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2631302871-3897047704-381176597-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2631302871-3897047704-381176597-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.techspot.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-12] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Adam\AppData\Roaming\TomTom\HOME\Profiles\k6hrp8c9.default [2015-06-06]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-06-06] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-03]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2631302871-3897047704-381176597-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-04-15] ()

Chrome:
=======
CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default [2016-10-03]
CHR Extension: (Google Docs) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-12]
CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Avast Online Security) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-08] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [922744 2015-12-17] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6443128 2015-12-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5119096 2015-12-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-10-03] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-10-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-10-03] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [338936 2016-10-03] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-10-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-10-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-10-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-10-03] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-10-03] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-10-03] (AVAST Software)
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [1762304 2011-12-20] (C-Media Inc)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18552 2015-12-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [44840 2015-12-17] (NVIDIA Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2014-02-23] (Sonic Solutions) [File not signed]
U1 staport; C:\WINDOWS\system32\Drivers\staport.sys [39832 2016-09-02] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [250368 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-03 20:41 - 2016-10-03 20:42 - 00015353 _____ C:\Users\Adam\Downloads\FRST.txt
2016-10-03 20:40 - 2016-10-03 20:41 - 00000000 ____D C:\FRST
2016-10-03 20:38 - 2016-10-03 20:40 - 01754624 _____ (Farbar) C:\Users\Adam\Downloads\FRST.exe
2016-10-03 19:59 - 2016-10-03 19:59 - 00039832 _____ () C:\WINDOWS\system32\Drivers\staport.sys.147548514864002
2016-10-03 19:58 - 2016-10-03 19:58 - 00921280 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2016-10-03 19:58 - 2016-10-03 19:58 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-10-03 19:58 - 2016-10-03 19:58 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-10-03 19:58 - 2016-08-06 16:33 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB684.tmp
2016-10-03 19:58 - 2016-03-10 18:58 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB4C8.tmp
2016-10-03 19:58 - 2016-03-10 18:58 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB5A6.tmp
2016-10-03 19:58 - 2016-03-08 19:11 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB683.tmp
2016-10-03 19:58 - 2016-03-08 19:11 - 00356640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAF87.tmp
2016-10-03 19:58 - 2016-03-08 19:10 - 00127432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB685.tmp
2016-10-03 19:58 - 2016-03-08 19:10 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB594.tmp
2016-10-03 19:58 - 2016-03-08 19:10 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB5A7.tmp
2016-10-03 19:58 - 2016-03-08 19:10 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB10E.tmp
2016-10-03 19:58 - 2016-03-08 19:10 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswB5A5.tmp
2016-10-03 19:51 - 2016-08-06 16:33 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC14.tmp
2016-10-03 19:51 - 2016-03-10 18:58 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswABEF.tmp
2016-10-03 19:51 - 2016-03-10 18:58 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC01.tmp
2016-10-03 19:51 - 2016-03-08 19:11 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC13.tmp
2016-10-03 19:51 - 2016-03-08 19:11 - 00356640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswABED.tmp
2016-10-03 19:51 - 2016-03-08 19:10 - 00127432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC15.tmp
2016-10-03 19:51 - 2016-03-08 19:10 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswABFF.tmp
2016-10-03 19:51 - 2016-03-08 19:10 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC12.tmp
2016-10-03 19:51 - 2016-03-08 19:10 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswABEE.tmp
2016-10-03 19:51 - 2016-03-08 19:10 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswAC00.tmp
2016-10-03 19:50 - 2016-10-03 19:50 - 00346193 _____ C:\unp305472831129653052.mdmp
2016-10-03 19:50 - 2016-10-03 19:50 - 00341774 _____ C:\unp30547283752692329.mdmp
2016-10-03 19:50 - 2016-08-06 16:33 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF259.tmp
2016-10-03 19:50 - 2016-03-10 18:58 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF243.tmp
2016-10-03 19:50 - 2016-03-10 18:58 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF256.tmp
2016-10-03 19:50 - 2016-03-08 19:11 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF258.tmp
2016-10-03 19:50 - 2016-03-08 19:11 - 00356640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF241.tmp
2016-10-03 19:50 - 2016-03-08 19:10 - 00127432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF26A.tmp
2016-10-03 19:50 - 2016-03-08 19:10 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF244.tmp
2016-10-03 19:50 - 2016-03-08 19:10 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF257.tmp
2016-10-03 19:50 - 2016-03-08 19:10 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF242.tmp
2016-10-03 19:50 - 2016-03-08 19:10 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswF255.tmp
2016-10-03 19:49 - 2016-10-03 19:49 - 00319370 _____ C:\unp3054728359175106.mdmp
2016-10-03 19:49 - 2016-08-06 16:33 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9E1.tmp
2016-10-03 19:49 - 2016-03-10 18:58 - 00816304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9CC.tmp
2016-10-03 19:49 - 2016-03-10 18:58 - 00091168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9DE.tmp
2016-10-03 19:49 - 2016-03-08 19:11 - 00447848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9E0.tmp
2016-10-03 19:49 - 2016-03-08 19:11 - 00356640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9CA.tmp
2016-10-03 19:49 - 2016-03-08 19:10 - 00129144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngv5ADC.tmp
2016-10-03 19:49 - 2016-03-08 19:10 - 00127432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9F2.tmp
2016-10-03 19:49 - 2016-03-08 19:10 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9CD.tmp
2016-10-03 19:49 - 2016-03-08 19:10 - 00058776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9DF.tmp
2016-10-03 19:49 - 2016-03-08 19:10 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9CB.tmp
2016-10-03 19:49 - 2016-03-08 19:10 - 00032792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9DD.tmp
2016-09-22 23:03 - 2016-09-22 23:03 - 00015356 _____ C:\Users\Adam\Desktop\Fare-Rules.pdf
2016-09-22 23:03 - 2016-09-22 23:03 - 00013657 _____ C:\Users\Adam\Desktop\Itinerary.pdf
2016-09-22 23:03 - 2016-09-22 23:03 - 00007029 _____ C:\Users\Adam\Desktop\Tax-Invoice.pdf
2016-09-22 20:55 - 2016-09-22 20:55 - 00259429 _____ C:\Users\Adam\Downloads\General Terms and Conditions of Business of cleverbridge AG.pdf
2016-09-22 20:55 - 2016-09-22 20:55 - 00082924 _____ C:\Users\Adam\Downloads\AKD-73650121483.pdf
2016-09-22 20:55 - 2016-09-22 20:55 - 00082835 _____ C:\Users\Adam\Downloads\98231181.pdf
2016-09-22 20:54 - 2016-09-22 20:54 - 14659584 _____ (Malwarebytes ) C:\Users\Adam\Downloads\mbam-setup-web.NT-2.2.1.1043.exe.32140lr.partial
2016-09-18 10:52 - 2016-09-18 10:52 - 09858135 _____ C:\Users\Adam\Desktop\Champion_Spark_Plugs_Catalogue_2010(V1s).PDF
2016-09-15 23:08 - 2014-02-21 20:32 - 1089143563 _____ C:\Users\Adam\Desktop\PPRO_2.0_Ret-NH_UE.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-03 20:25 - 2015-06-11 19:37 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-03 20:21 - 2015-10-30 16:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-03 20:02 - 2015-01-24 13:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-03 19:59 - 2014-02-16 14:20 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-10-03 19:59 - 2014-02-16 14:20 - 00433768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-10-03 19:58 - 2016-03-08 19:11 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-10-03 19:58 - 2014-05-17 17:46 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-10-03 19:58 - 2014-02-16 14:20 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-10-03 19:58 - 2014-02-16 14:20 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-10-03 19:58 - 2014-02-16 14:20 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-10-03 19:58 - 2014-02-16 14:20 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-10-03 19:58 - 2014-02-16 14:20 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-10-03 19:57 - 2016-03-08 19:11 - 00338936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2016-10-03 19:53 - 2016-02-01 20:22 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-03 19:53 - 2015-10-30 16:47 - 00000000 ____D C:\WINDOWS\INF
2016-10-03 19:51 - 2016-04-27 20:53 - 00002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2016-10-03 19:51 - 2016-03-08 19:11 - 00002085 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-10-03 19:51 - 2015-10-30 16:13 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-10-03 19:47 - 2016-02-01 20:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-03 19:47 - 2016-02-01 20:22 - 00000000 ____D C:\Users\Adam
2016-10-03 19:47 - 2014-03-07 06:32 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-03 19:46 - 2014-03-07 06:32 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-17 18:47 - 2014-03-07 06:33 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 19:50 - 2015-06-06 16:26 - 00000000 ____D C:\Users\Adam\Documents\TomTom
2016-09-16 00:24 - 2016-02-05 19:24 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-11 17:58 - 2014-03-27 17:11 - 00000000 ____D C:\Users\Adam\Documents\Reciepts
2016-09-07 12:00 - 2015-10-30 16:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-07 12:00 - 2015-10-30 16:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-07-16 00:17 - 2016-07-16 00:17 - 0018115 _____ () C:\Users\Adam\AppData\Roaming\UserTile.png
2014-05-29 19:45 - 2014-05-29 19:46 - 0007612 _____ () C:\Users\Adam\AppData\Local\resmon.resmoncfg
2015-08-09 02:10 - 2015-08-09 02:10 - 0000000 _____ () C:\Users\Adam\AppData\Local\{F7AFF22D-F8D3-457D-A170-F72C6116EF10}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-30 21:01

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2016
Ran by Adam (03-10-2016 20:43:06)
Running from C:\Users\Adam\Downloads
Microsoft Windows 10 Home Version 1511 (X86) (2016-02-01 09:37:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Adam (S-1-5-21-2631302871-3897047704-381176597-1000 - Administrator - Enabled) => C:\Users\Adam
Administrator (S-1-5-21-2631302871-3897047704-381176597-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2631302871-3897047704-381176597-503 - Limited - Disabled)
Guest (S-1-5-21-2631302871-3897047704-381176597-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Premiere Pro 2.0 (HKLM\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
ASUS Xonar DGX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Avast Internet Security (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
Canon MP220 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Enemy Front (HKLM\...\Steam App 256190) (Version: - CI Games)
Far Cry 2 (HKLM\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft)
Far Cry 3 (HKLM\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaImpression 3.0 for PENTAX (HKLM\...\{C0A25D74-1A95-40ED-AA67-E6F21D9C8A38}) (Version: 3.0.1.60 - ArcSoft)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2631302871-3897047704-381176597-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM\...\Raptr) (Version: - )
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SketchUp 2014 (HKLM\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
TomTom HOME (HKLM\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2631302871-3897047704-381176597-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2631302871-3897047704-381176597-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Adam\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe => N (the data entry has 6 more characters).

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {045E8745-A914-4135-9150-0C5A29E87AD0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {0A5B65EE-0672-458D-906A-ED41C55FA2EE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19DAE450-AAD4-41BF-A358-6FB791AE1177} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1DCB3B19-BF46-41FC-BD9A-0570BAD0BE76} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1ECA7BA2-BDB9-4E66-AED4-2EF4CC9B57FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-21] (Piriform Ltd)
Task: {2B55059F-7B9C-495E-B421-21CDF9311817} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {2EC7F16A-1A5F-4752-BC20-0D5D8EC7AE16} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {30E76DEE-8B85-4C81-8D1C-3638F0983F37} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe
Task: {3D0F7824-1822-4F8D-BFB4-A2BAFF017159} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {42535287-DE74-4EC2-B17A-C5ED96E1953A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-20] (Adobe Systems Incorporated)
Task: {493A917E-5D69-4E67-8DB4-574BDEA39B0B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5A0081A0-6157-40E5-85E8-77E0D1031248} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5D56B3B4-2086-4307-8B11-E78A577CBCE6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6213202F-0A71-46A8-9850-5BAAC8F9769A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F4A231B-4997-4287-B5F7-3F0792E362AE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6F95BA03-F70C-4197-B948-A9A8C48B55A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {77784716-E94F-4EBB-B64F-513120E26646} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8062FA1B-21FD-43D3-B410-58AE0E9B36EA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {838E6E58-E167-4AC7-B5A7-C92853E316B5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8A58758C-EC1F-4031-B418-42735ED8244A} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {8AE27006-FF96-45FD-AF8C-9403088A71B6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8F069FF9-0512-4B90-BE27-B9E2E07C93F1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {8F30A811-1124-4D6B-941C-80F950B0A1BA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8F9F5BB7-89B7-46DC-AAE9-B5A380AA76B4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {97F10F56-B25C-4246-A2C3-F337CF8C8FDB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9DCFF7BA-8915-4274-9154-72D3355E9BF7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9EF98230-445A-4186-B17A-6EA32FF96351} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A563153E-56AA-4663-8574-448A6BE15B96} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {A618683F-C0FB-400D-9C4C-7CAF36745CED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AD0CE558-A1A6-4BA5-9435-AFC42EE271D6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AFFC971A-6B90-45E6-9426-2FC7E10C874D} - System32\Tasks\SafeZone scheduled Autoupdate 1457755618 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {B055412A-1C77-415B-AD29-D4844814815F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {BC557CC5-6FBD-4D80-9A05-5E98DB8A2E88} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
Task: {BE9A5ADB-3F0F-4915-9B09-15F249BC2F86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CC23E9B7-BEA1-4A0A-AE90-0098D7EBA64F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D0C81A6A-65B5-46E4-8BEA-A9C5F8A55E6D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D8B673BF-9B0B-47D2-8929-E9987E309FF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {E023208C-1866-423D-B7E0-5E07ED3E2230} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E20267C8-C094-4585-B32B-C672B68257A7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E7ACB125-C4CB-40C0-9E45-B89F0751439E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F1ED72D4-50FE-4F66-B41E-689B09B2489C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F2D2D799-C0C7-4AE8-9E78-1D7F862C1988} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F8EAEC78-0609-4011-A808-C563C9428E54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 16:44 - 2015-10-30 16:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-01 20:19 - 2015-12-17 01:36 - 00114480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-03-08 19:10 - 2016-03-08 19:10 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-08 19:10 - 2016-03-08 19:10 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2014-05-17 18:18 - 2014-05-17 18:18 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2016-01-27 22:31 - 2015-12-17 04:15 - 00164984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-30 16:44 - 2015-10-30 16:44 - 01858424 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-30 16:45 - 2015-10-30 17:57 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-30 18:00 - 2015-10-30 18:00 - 00044032 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 18:00 - 2015-10-30 18:00 - 00151040 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-10-30 18:00 - 2015-10-30 18:00 - 18818048 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-10-30 18:00 - 2015-10-30 18:00 - 02884096 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2015-10-30 18:00 - 2015-10-30 18:00 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2015-10-30 16:44 - 2015-10-30 16:44 - 01858424 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-27 22:31 - 2015-12-17 04:15 - 00011896 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2015-10-30 16:44 - 2015-10-30 16:44 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 16:44 - 2015-10-30 16:44 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 16:45 - 2015-10-30 17:57 - 05352960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-30 16:45 - 2015-10-30 17:57 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-30 16:45 - 2015-10-30 17:57 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-08 19:10 - 2016-03-08 19:10 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-04-15 18:42 - 2016-04-15 18:42 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-05-12 20:28 - 2008-07-11 18:04 - 00200704 _____ () C:\Windows\System\HsMgr.exe
2016-09-17 18:47 - 2016-09-14 11:38 - 01806152 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-17 18:47 - 2016-09-14 11:38 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-09-18 10:36 - 2016-09-12 18:48 - 17754304 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2631302871-3897047704-381176597-1000\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-2631302871-3897047704-381176597-1000\...\commbank.com.au -> hxxps://www1.my.commbank.com.au

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2014-11-23 16:29 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2631302871-3897047704-381176597-1000\Control Panel\Desktop\\Wallpaper -> c:\users\adam\pictures\wallpapers\jade-tower-34.jpg
DNS Servers: 10.143.147.147 - 10.143.147.148
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: lfsvc => 3
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Cmaudio8788 => RunDll32 cmicnfgp.cpl,CMICtrlWnd
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Raptr => "C:\Program Files\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{E82FA548-E4EB-4DCE-B31E-8936C8FB9F44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF0C0244-66EB-49EC-81B3-4626AD7A2044}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DA3580D5-2A54-46BC-B555-8725DC70C5C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8316EA57-4D9B-4ECB-A418-FAEA8429723B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2C5A5ED7-F3D7-4AB7-ADA5-75E2E815CC14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2A1CCE87-D488-4FD5-AF55-ACD6FB55C1F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{55319FDD-799E-4ABA-BE89-9C01454C85E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AC9D5BDF-8F4B-4525-A801-E5520B5EBE23}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{7604A4CC-673D-4854-899A-C56590EC0259}] => (Allow) C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BF3ACAE0-5200-4595-8CEE-AF28D7D9FF57}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{698243A3-FF7D-44E9-A27A-DD3147D0EAC4}] => (Allow) LPort=2869
FirewallRules: [{4B935912-A969-4852-968A-23F6C35925CA}] => (Allow) LPort=1900
FirewallRules: [{FD922B74-0986-4BAC-AA4C-57B7566AF8E6}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{60115F76-4919-4927-B29C-3E2D8183DBD3}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{C5395171-9FBA-4147-AA1B-FD8E140BE2FB}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{E68569B0-7B15-45FB-A051-909E7BC1F511}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{E3DA4D0D-73CA-425A-9C32-8976484D53EE}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{2CE6D5D5-BA1C-4662-AB9A-F8C115D32C08}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{040C5DC5-64BE-424A-A481-0A72EEE7245B}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{4AF67D88-1577-4183-8CA5-2A55720ED503}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{C959B0B9-266C-4B4E-BDD7-F29D28F01972}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{B75E95CD-415B-4605-9567-5FE67F75AF34}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{F8DE2E3F-09AE-4EF6-ABE3-AD101BD03FD7}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{06529E51-B0F7-4CDA-8B28-52ABB970950B}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{3F8C42C9-5435-4791-AFA0-710E4DCE3C97}] => (Allow) C:\Program Files\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{FC687A96-83F7-47EB-A5A7-908E95597B00}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{E2F63006-73EC-4187-916C-D9308608D4EC}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CBF44472-C285-4ACD-AAEB-8A765740443F}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB90B509-4FD6-488D-859A-AE91B2CA6DA6}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{4CF238BA-9ADE-4751-B1D6-D3D164275E27}] => (Allow) C:\Program Files\Steam\steamapps\common\Enemy Front\Bin32\EnemyFront.exe
FirewallRules: [{7C51341B-1454-4060-BB58-7C562CA45316}] => (Allow) C:\Program Files\Steam\steamapps\common\Enemy Front\Bin32\EnemyFront.exe
FirewallRules: [{5882E126-E53C-45FD-B18E-BBE90492C63B}] => (Allow) C:\Program Files\Steam\steamapps\common\Enemy Front\Bin32\DedicatedServer.exe
FirewallRules: [{9B658298-504E-4D95-B805-E743C0B377D8}] => (Allow) C:\Program Files\Steam\steamapps\common\Enemy Front\Bin32\DedicatedServer.exe
FirewallRules: [{0798529E-7477-473A-A5B8-D8C9FA3B2B22}] => (Allow) C:\Program Files\Raptr\raptr.exe
FirewallRules: [{DFC111D5-BD6E-41AD-99B1-8DFA289950EE}] => (Allow) C:\Program Files\Raptr\raptr.exe
FirewallRules: [{2C7780C7-91EB-4DF8-A16C-DFBC99AAAFA8}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
FirewallRules: [{FF606223-58A2-4EF3-8A3F-442B2AF1FB2B}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
FirewallRules: [{DA330B16-A211-4607-B961-AF3554D46F1E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{62A3BF0A-70C3-41A1-A84F-102E052DA7DC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{31FC0008-8145-4F27-9328-374DF8603A82}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{736E3FA5-A743-4923-BD2F-6086A2A5E9F7}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{5FEC895C-D9DC-4209-820F-ADE3B7319016}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{C326D3EE-C4C2-4822-AB5D-9E14B00420F0}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{617C0613-4E04-471E-8F0D-236261002F89}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{552BC820-B417-4266-B247-7BAC1384AB3F}] => (Allow) C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{2620848B-5025-4440-B25E-A9438EC10F46}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-09-2016 22:26:34 Scheduled Checkpoint
22-09-2016 20:38:42 Scheduled Checkpoint
30-09-2016 21:08:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2016 07:51:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2016 07:50:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\CrtCheck.exe".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23506.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2016 07:50:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2016 07:50:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\CrtCheck.exe".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23506.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2016 07:49:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2016 07:49:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\CrtCheck.exe".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23506.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2016 07:45:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Adams-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (10/03/2016 08:44:20 PM) (Source: DCOM) (EventID: 10016) (User: Adams-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Adams-PC\Adam SID (S-1-5-21-2631302871-3897047704-381176597-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/03/2016 08:19:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Windows 10 Version 1511 (KB3152599).

Error: (10/03/2016 07:59:10 PM) (Source: DCOM) (EventID: 10016) (User: Adams-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Adams-PC\Adam SID (S-1-5-21-2631302871-3897047704-381176597-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/03/2016 07:56:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.229.764.0).


CodeIntegrity:
===================================
Date: 2016-10-03 20:33:18.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-03 20:33:18.581
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-03 20:33:18.529
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-03 20:33:18.480
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-03 20:33:17.749
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-03 20:33:17.735
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-03 20:33:17.151
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-03 20:33:17.116
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-03 20:33:17.101
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-03 20:33:16.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 78%
Total physical RAM: 3327.11 MB
Available physical RAM: 700.68 MB
Total Virtual: 6655.11 MB
Available Virtual: 3245.95 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:465.31 GB) (Free:399.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 11AFA75F)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

I don't see much there so far.
First of all, did you try to reinstall Avast?
 
No. I'm worried I'll just have to pay for it again. And also an infection may take place during the uninstall period?
I'll try it, yes?
 
You should have an email from Avast with your license.
If not, since you paid for it, you can always activate it online just by providing your email address.
You won't get infected if you're not going to do anything else but reinstalling Avast.
Go ahead.
 
Uninstalled, rebooted, tried to reinstall. I can't, as Windows is telling me this programme won't run on W10. I think I had W7 and then free upgraded to W10? I've contacted Avast with my problem. No response so far!?
 
Windows version shouldn't matter.
Where did you get the installation file from?
 